• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Network Security, News

30% Of Log4j Instances Remain Vulnerable To Exploitation

Qualys finds that nearly a third of Log4j instances remain vulnerable to attack more than three months after the flaw was discovered.

March 24, 2022 Zachary Comeau Leave a Comment

Log4j, Log4Shell, GreyNoise
stock.adobe.com/Andreas Prott

More than two months after the Log4j vulnerabilities known as Log4Shell were discovered, 30% of Log4j instances remain vulnerable for hackers to exploit and take control of affected systems, according to cybersecurity firm Qualys.

The company indexed more than 10 trillion data points across its installed enterprise customer base and completed six billion IP scans per year with 75 million cloud agents deployed in hybrid IT environments globally, giving the company a “unique vantage point” that can detect Log4Shell.

The research team then analyzed anonymized security data cross the networks of its global enterprise customers, and discovered that nearly a third of Log4j instances remain vulnerable to exploitation.

According to Qualys, of the 22 million vulnerable instances, more than 80% were open source applications.

However, the vulnerabilities were also found in cloud workloads and containers across the U.S. and EMEA, suggesting that enterprises need to continue scanning containers for flaws like Log4Shell.

Cybersecurity agencies discovered nearly 1,500 vulnerable technology products, of which 1,065 across 52 publishers are currently in use. A surprisingly large number of application installations with Log4j were flagged as “end-of-support,” meaning those vendors will likely not be patching their products’ Log4j instances.

According to Qualys’ report, the Log4Shell vulnerability was detected in more than 2,800 web applications, which became the first line of defense for enterprises fending of early attacks in late 2021. Over 80% of the vulnerable assets were on Linux systems, according to Qualys.

The average time to remediate Log4Shell after detection is 17 days, and systems that can be exploited remotely are patched in an average of 12 days, while internal systems are slower.

After the first month, remediation efforts began trending down once security teams began finding it easier to mitigate Log4Shell rather than permanently fixing it, Qualys found.

Other recent research suggests IT professionals need to continue to mitigate the vulnerability. Google’s Threat Horizons Executive Snapshot last month found that Google Cloud continues to see 400,000 scans for Log4j each day, with other cloud providers thought to be experiencing the same.

Tagged With: Cybersecurity, Log4j

Related Content:

  • ScreenBeam Logo ScreenBeam Invites K-12 Institutions to Apply for Wireless…
  • 1E Patch Insights, Patch Management, Software update 1E Releases Patch Insights to Augment Microsoft Patching…
  • Google AI Investment, Anthropic, OpenAI, ChatGPT Google Makes Key AI Investment as Microsoft Begins…
  • AVer CAM550 and VB342 Pro Certified for Microsoft Teams AVer CAM550, VB342 Pro 4K PTZ Cameras Certified…

Free downloadable guide you may like:

  • Harnessing the Power of Digital SignageHarnessing the Power of Digital Signage

    Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

Guide to creating a ransomware response plan download
Blueprint Series: Creating a Ransomware Response Plan

Chances are ransomware hackers are researching your company right now. They’re investing time and money to choose the most profitable targets and a...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.