My TechDecisions

IT Infrastructure, Network Security, News

Google Reports 400,000 Daily Log4j scans

Google says it is continuing to see as many as 400,000 daily scans for Log4j vulnerabilities against Google Cloud.

Leave a Comment

Google AI Investment, Anthropic, OpenAI, ChatGPT

Google says there are as many as 400,000 scans for Log4j vulnerabilities against Google Cloud each day, suggesting that IT professionals need to continue to be vigilant and ensure that they remediate vulnerable systems.

The claim comes in Google’s Threat Horizons Executive Snapshot this month, a quarterly report from the company’s Cybersecurity Action Team. Google Cloud continues to see 400,000 scans each day, and the company believes other cloud providers are seeing similar, if not more, scanning levels.

It’s unclear whether the scanning is primarily on behalf of security researchers or adversaries, but what is clear is that this vulnerability is not simply going away any time soon as both groups continue to scan for vulnerable Log4j instances.

According to Google, the company is continuing to see 400,000 scans for Log4j vulnerabilities against Google Cloud each day, and similar scanning levels against all provides are widely expected.

The company says threat actors are predominantly targeting ports 80 and 443 with scanners sending payloads to many other ports with attack payloads largely using Lightweight Direct Access Protocol (LDAP) servers listening mostly on TCP ports 389 and 1389.

Google adds that threat actors are refining ways of obfuscating the Log4j format string, starting with jndi:ldap://” and moving more difficult to parse strings.

“Adversaries and researchers alike are continuing to scour the web looking for vulnerable instances of Log4j,” Google report says. “As a result, service providers have been and continue to work with their cloud customers to ensure the infrastructure is secure as well as check the status of customer-installed tools and third-party dependencies in their environments to see if they are affected. While adversaries continue to knock on this door, observations have shown that they are opting to use known open-source tools, native Cloud services, and previously established domains for persistence in their attacks.”

Google points Google Cloud admins to several Google Cloud-specific mitigations, including the company’s Cloud Armor solution, Java scanning feature, and threat hunting tools.

Read the company’s report for more mitigations.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ