Atlassian Confluence Exploits Peak at 100K Daily

Since it was first identified on June 2, the Atlassian Confluence remote code-execution (RCE) vulnerability tracked as CVE-2022-26134 has attracted the repeated attention of threat actors. Now, after peaking at up to 100,000 attack attempts daily on targets, cyberattackers have settled at a steady rate of 20,000 malware injection shots per day, launched from around 6,000 IPs.

Researchers at Akamai observed that attacks on the Atlassian Confluence bug are mainly focused in the commerce, high tech, and financial services sectors, and range from probing to malware injection in hopes of installing cryptominers and Web shells.

“What is particularly concerning is how much of a shift upward this attack type has garnered over the last several weeks,” a Tuesday Akamai report on the Atlassian Confluence vulnerability said. “As we have seen with similar vulnerabilities, this CVE-2022-26134 [bug] will likely continue to be exploited for at least the next couple of years.”