Hackers use Log4J vulnerabilities to launch large-scale attacks
Since the widely used java logging library Log4J broke out a high-risk vulnerability last Friday, hackers have launched more than 840,000 attacks on enterprises all over the world. Log4J uses the Java Naming and Directory Interface to perform network lookups and obtains services from the Lightweight Directory Access Protocol. It processes log messages as URLs and executes any executable load contained in it with the full authority of the main program. Its vulnerabilities can be easily exploited. After the vulnerability was exposed, attackers were accelerating the use of Log4 J before the companies that used Log4 J patched it in time. Security researchers even observed that the number of attacks in one minute exceeded 100 times, which was called Log4. The vulnerability of J shell is considered to be one of the most serious vulnerabilities discovered so far. The security company Check Point reported that after the attackers took advantage of the vulnerability to control the computer, they either carried out cryptocurrency mining, or used it as part of a botnet, or carried out other illegal activities.