The Log4j Incident: A Comprehensive Measurement Study of a Critical Vulnerability

Publikation: Beitrag in FachzeitschriftForschungsartikelBeigetragenBegutachtung

Beitragende

Abstract

On December 10, 2021, Log4Shell was disclosed to the public and was quickly recognized as a most severe vulnerability. It exploits a bug in the wide-spread Log4j library that allows for critical remote-code-execution (RCE). Any service that uses this library and exposes an interface to the Internet is potentially vulnerable. In this paper, we report about a measurement study starting with the day of disclosure. We follow the rush of scanners during the first two months after the disclosure and observe the development of the Log4Shell scans in the subsequent year. Based on traffic data collected at several vantage points we analyze the payloads sent by researchers and attackers. We find that the initial rush of scanners ebbed quickly, but continued in waves throughout 2022. Benign scanners showed interest only in the first days after the disclosure, whereas malicious scanners continue to target the vulnerability.During both periods, a single entity appears responsible for the majority of the malicious activities.

Details

OriginalspracheEnglisch
Seitenumfang1
FachzeitschriftIEEE Transactions on Network and Service Management
PublikationsstatusVeröffentlicht - 2024
Peer-Review-StatusJa

Externe IDs

Mendeley 36b4a248-6117-3f5d-bff1-c940d851f18b
ORCID /0000-0002-3825-2807/work/166763865
Scopus 85200812505

Schlagworte

Forschungsprofillinien der TU Dresden

Fächergruppen, Lehr- und Forschungsbereiche, Fachgebiete nach Destatis