April 6— Within days of its discovery, cyber security researchers have witnessed tens of thousands of attempts to exploit the new Spring4Shell or SpringShell vulnerability.
Check Point Research has purportedly identified 37,000 such attempts within the first four days of observation. The researchers have calculated that roughly 16% of global organizations were affected.
Statistics also show that vulnerable versions of the Spring Framework may account for over 80% of the total downloads from the Maven Central repository since the issue came to light over a week ago.
Spring4Shell data points
- Europe accounts for the largest number of incidents (20%)
- The software industry represents the most affected vertical (28%)
- Three vulnerabilities have been identified within the open-source Spring Framework
The main vulnerability in the Spring Framework is known as CVE-2022-22865. This is a critical remote code execution (RCE) bug in Spring Core.
The vulnerability can be exploited when an attacker sends a specially crafted request to a web server running the Spring Core framework.
While the precise details of in-the-wild abuse remain unclear, security experts are observing active scanning for this vulnerability from IP addresses in certain countries.
The other two Spring Framework vulnerabilities are believed to be less serious in nature, although they are also RCE flaws.
CISA adds Spring4Shell to catalog
Organizations were alerted to the seriousness of Spring4Shell when the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities Catalog. Inclusion on this list means that all civilian federal agencies are required to patch the vulnerabilities within a specified timeframe.
Spring4Shell vs. Log4j
Despite the similarities in nomenclature, Spring4Shell is not believed to be as serious as the Log4Shell bug discovered at the end of 2021.
Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.