ChannelLife Australia logo
Industry insider news for Australia's technology resellers
Story image

Log4Shell threat remains extremely high - Barracuda

By Shannon Williams
Thu 3 Mar 2022

The quantity of cyber attacks targeting the Log4Shell complex of vulnerabilities in Log4j still remains extremely high, according to Barracuda Networks. 

New Threat Spotlight analysis from cloud-enabled security solutions provider Barracuda Networks says that while he Log4Shell vulnerabilities have now been around for more than two months, the volume of attacks attempting to exploit these vulnerabilities has remained relatively constant, with a few dips and spikes, over the past two months.

It is predicted that this attack pattern will continue, given the popularity of the software, the exploitability of the vulnerability, and the payoff when a compromise happens.

Geographically, Barracuda Networks uncovered that 83 per cent of the attacks on their systems came from IP addresses in the United States, with 50 per cent being associated with Amazon Web Services and other large data centers.

Threats analysed also came from Japan, Germany, Netherlands, and Russia.

The UK National Cyber Security Centre have previously advised individuals and businesses to be wary of the threat and to ensure all devices are regularly updated.

Log4Shell is a Java-based error logging audit framework which is an Apache project, and is utilised by many major organisations such as Apple, Amazon and Twitter. Hackers can breach devices running the vulnerabilities to break into IT systems and steal passwords, extract data and infect networks with malicious software.

Researchers at Barracuda Networks found a variety of threats ranging from videos of Rick Astley's Never Gonna Give You Up, cryptocurrency mining payloads, and Distributed Denial of Service (DDoS) malware. They predict that threat actors are working to build out a large botnet and there should be an expectation of large DDoS attacks in the near future.

"Due to the growing number of vulnerabilities found in web applications, it is getting progressively more complex to guard against attacks," said Tushar Richabadas, product marketing manager, Barracuda Networks.

"The best way to protect against Log4Shell specifically is to upgrade to the latest version of Log4J. Maintaining up-to-date software and libraries helps ensure that vulnerabilities are patched in a timely manner," he said.

"All-in-one solutions are now available to protect your web applications from being exploited at the hands of these vulnerabilities," added Richabadas.

"Web Application Firewall and WAF-as-a-service solutions, also known as Web Application and API Protection (WAAP) services, can help to protect web applications by providing the latest security solutions in one easy-to-use location."

Earlier this year, Imperva Research Labs said the Log4Shell zero day vulnerability is "truly one of the most significant security threats of the past decade" and its effects will be felt far into 2022 and beyond.

Imperva had released its analysis of recent Log4j related vulnerabilities including attack patterns, payloads and bypass techniques.

The company observed more than 102 million exploitation attempts since the disclosure on December 9. In the first 10 days, Imperva observed almost 1.3 million exploit attempts per hour. 

According to the research, commonly targeted industries are financial services (29.6%), food and beverages (12.4%) and computing and IT (10.4%). Attackers largely used a “spray and pray” approach to the exploitation of this vulnerability.

Related stories
Top stories
Story image
Tech job moves
Tech job moves - Bitdefender, Cohesity, Fortinet & MODIFI
We round up all job appointments from June 27-30, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
SOTI
Australian consumers loyal to retailers who deliver speed and visibility
SOTI finds extensive order visibility and speed are the most important factors for turning one-off customers into loyal, long-term buyers.
Story image
Online shopping
Consumers want speed, visibility in return for brand loyalty
72% of Australian shoppers want complete online order visibility and 63% are loyal to retailers who deliver goods the fastest.
Story image
Robotics
Evonik relies on Getac F110 tablet to control autonomous robot
The aim of the project is to evaluate the practicality of an automated robotic maintenance and inspection solution in the chemical industry.
Story image
HP Inc
Firmware attacks significant threat in age of hybrid work
Changing workforce dynamics are creating new challenges for IT teams around firmware security, according to new research.
Story image
Cybersecurity
Zscaler launches co-located data centres in Canberra and Auckland
The investment will offer public and private sector enterprises greater resilience in support of their zero trust cybersecurity posture.
Story image
Cybersecurity
Email threats spike 101%, remains a top attack vector
"Each year we see innovation in the threat landscape, but each year email remains a major threat to organisations."
Story image
Infrastructure
Global investment in data centers more than doubled in 2021
DLA Piper's latest global survey finds the total investment in data center infrastructure worldwide rose from USD $24.4 billion in 2020 to USD $53.8 billion in 2021.
Story image
Hybrid Cloud
Advent One acquires Layer 8 Networks, complements hybrid cloud offering
The acquisition comes at a time of surging demand in hybrid cloud, network virtualisation and network security.
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
Data
MYOB improves data visibility and user access with Snowflake
"Solutions such as Snowflake allow us to better understand our customers and make evidence-based decisions on what features work best for them."
Story image
BitTitan
How to achieve your monthly recurring revenue goals
Monthly recurring revenue (MRR) is the ultimate goal, the most important issue on which anyone in the IT channel should focus.
Story image
MSP
Video: 10 Minute IT Jams - An update from CyberArk
Olly Stimpson joins us today to discuss the importance of MSP programmes and how MSP partners are experiencing success with CyberArk.
Story image
Microsoft
SAS wins Microsoft ISV 2022 Partner of the Year award
"We formed the SAS and Microsoft strategic partnership with a shared goal of making it easier for customers to drive better decisions in the cloud."
Story image
Salesforce
Data crucial to capture shoppers' wallets post-COVID
First-party data strategies key to driving personalisation, customer satisfaction, and long-lasting relationships according to a new report.
Story image
WatchGuard Technologies
Ransomware volume doubled 2021 total by end of Q1 2022
Ransomware detections in the first quarter of this year doubled the total volume reported for 2021, according to a new report. 
Story image
Cyber Criminal
Identity and access: the fight is on
Blue team defenders are used to protecting our data, applications, and users with access controls and other security mechanisms, which is why attacks like this are especially challenging when they target identity and access control systems.
Story image
Hybrid workforce
Why hybrid working is here to stay and how to ace it
Citrix's new report reveals hybrid workers are more productive and engaged at work than their office and completely remote counterparts.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
Microsoft
TO THE NEW unveils A/NZ Managed Services for Microsoft Azure
TO THE NEW has released Managed Services for Microsoft Azure to meet the growing demand in the A/NZ market and globally.
Story image
Dicker Data
EXCLUSIVE: Why women in IT makes good business sense - Dicker Data
The Federal government wants to bolster female participation in the tech industry to at least 40% by 2030. Here's how one homegrown Australian company has already reached that goal.
Story image
Civil Defence
OutSystems platform chosen as part of ADF contract
"To be included in this project is a reflection of our ability to deliver secure, modern digital outcomes for defence at an incredible pace."
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
Story image
Sustainability
Honeywell launches new carbon energy management software for buildings
The new Carbon & Energy Management service allows building owners to track and optimise energy performance against carbon reduction goals, down to a device or asset level.
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Citrix
The best ways to attract young talent during labour shortages
New research from Citrix reveals hybrid working and ventures into the metaverse are top of mind for Gen Z workers.
Story image
Cybersecurity
FIDO Alliance releases guidelines for optimising UX with FIDO Security Keys
The new guidelines aim to accelerate multi-factor authentication deployment and adoption with FIDO security keys.
Story image
Cloudian
Cloudian, Vertica to deliver on-premise data warehouse platform
"We’re enabling our customers to capitalise on a leading object storage platform and maximise the value of their digital assets.”
Story image
Digital Transformation
Google Cloud launches new Digital Accelerator bundles for Aussie SMBs
The new bundles are designed to help Australian small and medium-sized businesses embrace digital transformation and take their businesses online.
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
Cryptocurrency
NOWPayments launches new service to analyse cryptocurrency fees
NOWPayments has launched a new network fee optimisation solution that analyses current network fees and picks the most profitable option out of the client's payout wallets.
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Internet of Things
ManageEngine wins big in IDC MarketScape assessment
ManageEngine's Endpoint Central service has been recognised as a leader by IDC MarketScape in several categories including Internet of Things device deployments and UEM software for SMEs.
Story image
Identity and Access Management
Ping Identity named a Leader in Access Management
Ping Identity has been named a leader in the 2022 KuppingerCole Leadership Compass report for Access Management. 
Story image
Manufacturing
Sutton Tools deploys Infor M3 CloudSuite for manufacturing
Sutton Tools has also implemented the Infor OS cloud operating platform, including Infor Intelligent Open Network and Mongoose.
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why its time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Story image
Retail
Australia Post Online Retail Industry Awards finalists for 2022 announced
Finalists have been announced for this year's 2022 Australia Post Online Retail Industry Awards (ORIAS Awards), recognising the achievements of online retailers in Australia.
Story image
Hybrid Cloud
HPE GreenLake advances hybrid cloud experience with new services
"The innovations unveiled today further build on our vision to provide the market with an unmatched platform to spur innovation and drive transformation.”
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
Cybersecurity
Vulnerable APIs costing businesses billions every year
Large companies are particularly vulnerable to the security risks associated with exposed or unprotected APIs as they accelerate digital transformation.  
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Oracle Cloud
Commvault, Oracle to deliver Metallic Data Management as a Service
"We are excited to partner with Commvault and enable our customers to restore and recover their most mission-critical cloud data."
Story image
Macquarie Data Centres
Macquarie deal to pioneer CO2-cutting data centre tech in Australia
Macquarie Data Centres has signed a multi-year deal with ResetData, an Australian first provider using Submer data centre technology.