Security News > 2022 > March > Log4shell exploits now used mostly for DDoS botnets, cryptominers
The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including ones that recruit devices into DDoS botnets and plant cryptominers.
The threat actor can then control this botnet to perform DDoS attacks against a specific target, depleting its resources and disrupting its online service.
The threat actors behind these operations are either renting their botnet firepower to others or are launching DDoS attacks themselves to extort companies.
Barracuda's analysts say they did not see ransomware gangs exploiting publicly exposed VMware installations and believe Log4Shell is being used more as an insider threat in already compromised networks.
The Conti Ransomware used Log4j exploits to spread laterally to VMware vCenter installations.
While Barracuda reports seeing a steady volume of Log4Shell attacks, Sophos has recently reported a decline.