Security News > 2021 > December > Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware

Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware
2021-12-14 19:12

Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability.

The vulnerability is tracked as CVE-2021-44228 and is also known by the monikers "Log4Shell" or "Logjam." In simple terms, the bug could force an affected system to download malicious software, giving the attackers a digital beachhead on servers located within corporate networks.

"An adversary can exploit this vulnerability by submitting a specially crafted request to a vulnerable system that causes that system to execute arbitrary code," the agency said in guidance issued Monday.

CISA has also added the Log4j vulnerability to its Known Exploited Vulnerabilities Catalog, giving federal agencies a deadline of December 24 to incorporate patches for the flaw.

In a sign that the threat is rapidly evolving, Check Point researchers cautioned of 60 new variations of the original Log4j exploit being introduced in less than 24 hours, adding it blocked more than 845,000 intrusion attempts, with 46% of the attacks staged by known malicious groups.

"To be clear, this vulnerability poses a severe risk," CISA Director Jen Easterly said.


News URL

https://thehackernews.com/2021/12/hackers-exploit-log4j-vulnerability-to.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-12-10 CVE-2021-44228 Deserialization of Untrusted Data vulnerability in multiple products
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
10.0