Log4shell exploits now used mostly for DDoS botnets, cryptominers (Security News, March 2022)
The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including ones that recruit devices into DDoS botnets and plant cryptominers.
The threat actor can then control this botnet to perform DDoS attacks against a specific target, depleting its resources and disrupting its online service.
The threat actors behind these operations are either renting their botnet firepower to others or are launching DDoS attacks themselves to extort companies.
Barracuda's analysts say they did not see ransomware gangs exploiting publicly exposed VMware installations and believe the exploit is being used more as an insider threat in already compromised networks.
The Conti Ransomware used Log4j exploits to spread laterally to VMware vCenter installations.
While Barracuda reports seeing a steady volume of Log4Shell attacks, Sophos has recently reported a decline.