The Log4j exploit was explosive and widespread – the volume of awareness prompted a rapid response to patch and “fix” the problem but it hasn’t disappeared.
Data shows cybercriminals continue to scan for Log4j vulnerabilities, despite patching being available for six months.
The Log4j exploit has become a standard item in vulnerability scanners and in the toolkits of hackers. It’s even “built-in” to a number of botnets.
The massive drop may be due to law enforcement’s shut down of botnet networks but we’ll see continuous scanning for vulnerable systems for a long time now as criminals take advantage of their automated tools to target low hanging fruit.