My TechDecisions

IT Infrastructure, Network Security, News

30% Of Log4j Instances Remain Vulnerable To Exploitation

Qualys finds that nearly a third of Log4j instances remain vulnerable to attack more than three months after the flaw was discovered.

Leave a Comment

Log4j, Log4Shell, GreyNoise
stock.adobe.com/Andreas Prott

More than two months after the Log4j vulnerabilities known as Log4Shell were discovered, 30% of Log4j instances remain vulnerable for hackers to exploit and take control of affected systems, according to cybersecurity firm Qualys.

The company indexed more than 10 trillion data points across its installed enterprise customer base and completed six billion IP scans per year with 75 million cloud agents deployed in hybrid IT environments globally, giving the company a “unique vantage point” that can detect Log4Shell.

The research team then analyzed anonymized security data cross the networks of its global enterprise customers, and discovered that nearly a third of Log4j instances remain vulnerable to exploitation.

According to Qualys, of the 22 million vulnerable instances, more than 80% were open source applications.

However, the vulnerabilities were also found in cloud workloads and containers across the U.S. and EMEA, suggesting that enterprises need to continue scanning containers for flaws like Log4Shell.

Cybersecurity agencies discovered nearly 1,500 vulnerable technology products, of which 1,065 across 52 publishers are currently in use. A surprisingly large number of application installations with Log4j were flagged as “end-of-support,” meaning those vendors will likely not be patching their products’ Log4j instances.

According to Qualys’ report, the Log4Shell vulnerability was detected in more than 2,800 web applications, which became the first line of defense for enterprises fending of early attacks in late 2021. Over 80% of the vulnerable assets were on Linux systems, according to Qualys.

The average time to remediate Log4Shell after detection is 17 days, and systems that can be exploited remotely are patched in an average of 12 days, while internal systems are slower.

After the first month, remediation efforts began trending down once security teams began finding it easier to mitigate Log4Shell rather than permanently fixing it, Qualys found.

Other recent research suggests IT professionals need to continue to mitigate the vulnerability. Google’s Threat Horizons Executive Snapshot last month found that Google Cloud continues to see 400,000 scans for Log4j each day, with other cloud providers thought to be experiencing the same.

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

Guide to creating a ransomware response plan download
Blueprint Series: Creating a Ransomware Response Plan

Chances are ransomware hackers are researching your company right now. They’re investing time and money to choose the most profitable targets and a...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ