Log4j remained a top attack vector for threat actors in 2023, while a new vulnerability, HTTP/2 Rapid Reset is emerging as a significant threat to organizations, according to Cloudflare’s annual “Year in Review” report. The report is based on data from Cloudflare’s network, which spans 310 cities in more than 120 countries.
Worldwide, the attack volume targeting Log4j consistently dwarfed that seen for other vulnerabilities and saw spikes during the last week of October and mid-late November, Cloudflare’s report noted. “Attackers are still actively targeting Log4j because if it’s successfully exploited, it has the potential to do some significant damage,” says Cloudflare’s Head of Data Insight David Belson.
