Threater Blocking Activity Increases 90% Due To Log4j

12.21.2021

Last week, we talked about how Threater was providing our customers immediate protection from Log4j-related threats. We highlighted the fact that our best-in-class threat intelligence sources contained over 7,500 malicious IPs associated with Log4j-related threats.

Fast forward to today and the volume of malicious IPs associated with Log4j has grown by over 1,000 to over 8,500. These IP indicators continue to be spread across nearly 20 different threat intelligence data sources, over 100 countries and over 1,000 ASNs.

These IPs also span multiple threat category types including Botnet, Command and Control, Endpoint Exploits, Fraudulent Activity, P2P Node, Proxy/VPN, Scanner, Spam, TOR/Anonymizer, and Web Exploits.

Average Daily Blocking Activity Across Threater Customers Up 90%

In addition to growth in the volume of Log4j-related threat indicators, we’ve also seen a significant increase in blocking activity across the Threater customer base.

  • On December 14th, 2021, total blocked connections for Threater customers increased 60% from the prior day, to 755 million from 471 million.
  • From December 14th through December 20th, total blocked connections averaged 718 million per day, a 90% increase over the daily average of 378 million for the previous three months.

We attribute this increase in total blocking activity to a combination of greater Log4j-related threat activity and customers tightening their security policies.

Key Takeaways about Log4j

  • Threater continues to provide significant protection from Log4j-related threats. As one customer described it, Threater is providing an effective shield from Log4j-related threats while giving them time to undertake more intensive remediation efforts.
  • Using multiple sources of threat intelligence is critical. The fact that Log4j threat indicators are spread across nearly 20 different threat intelligence sources validates the critical need to use multiple sources of threat intelligence. No one source provides complete coverage. It is the collection of best-in-class sources that together provides the protection customers need. This includes the over 30 best-in-class cyber intelligence sources we provide as part of Threater and the ability for customers to easily add cyber intelligence from additional sources, including our Cyber Intelligence Marketplace.
  • Automation is the only way organizations can keep up with highly dynamic threats. Just like the threat landscape, threat intelligence is highly dynamic. Indicators on threat intelligence sources are constantly changing, sometimes by the minute. The only way organizations can keep up with highly dynamic threat intelligence and the associated protection is to leverage automation. Threater’s heavy use of automation ensures our customers are always using the most up-to-date threat intelligence and that protection is always current. Not only does this significantly improve the security of our customers, but it also reduces manual work and saves them time.

Want to see if these malicious IPs from Log4j and other threats are getting through your firewall? Send us your firewall logs and we’ll show you in a matter of minutes.

Threater – Block. Every. Threat.