Security News > 2022 > January > Microsoft Sees Rampant Log4j Exploit Attempts, Testing

Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache's Log4j logging library.

To evade detection, attackers are mixing up the request patterns: For example, Microsoft has seen exploit code written that runs a lower or upper command within the exploitation string.

Relentless Log4Shell attacks have come from nation-state actors that are both testing and have already implemented the exploit: As of Dec. 15, more than 1.8 million attacks, against half of all corporate networks, using at least 70 distinct malware families, had already been launched to exploit Log4Shell.

Microsoft's I'm-a-broken-record advice: Update affected products and services and apply security patches ASAP. "With nation-state actors testing and implementing the exploit and known ransomware-associated access brokers using it, we highly recommend applying security patches and updating affected products and services as soon as possible," Microsoft said.

Just like Log4j is tucked away into nooks and crannies, so too are exploits going to get added to yet more attacker toolkits: "The majority of attacks we have observed so far have been mainly mass-scanning, coin mining, establishing remote shells, and red-team activity, but it's highly likely that attackers will continue adding exploits for these vulnerabilities to their toolkits," Microsoft said.

While Microsoft has laid out several methods for detecting active exploit attempts using Log4j, identifying the vulnerable version before an attack would be "ideal," according to Ray Kelly, a fellow at NTT Application Security.

News URL

https://threatpost.com/microsoft-rampant-log4j-exploits-testing/177358/