Security News > 2022 > March > VMware Horizon platform pummeled by Log4j-fueled attacks

VMware Horizon platform pummeled by Log4j-fueled attacks
2022-03-30 15:30

VMware's Horizon virtualization platform has become an ongoing target of attackers exploiting the high-profile Log4j flaw to install backdoors and cryptomining malware.

VMware in late December released an updated version of Horizon and continued with patches for Horizon this month for the Log4j flaw - called Log4Shell and tracked as CVE-2021-44228 - but the threat continues.

The attacks on Horizon also come as demand for such remote-work tools continues to grow in the wake of the COVID-19 pandemic, which forced most employees to work from home and has ushered in an expected era of more hybrid work.

According to Sophos, the attacks on VMware Horizon that started in January used the Lightweight Directory Access Protocol resource call in Log4j for a malicious Java class file that modified legitimate Java code.

The initial attacks in late December 2021 and January of this year exploiting the Log4j flaw used Cobalt Strike malware.

Because such attacks are simple to carry out, the threat actors using cryptomining range from individuals through ransomware-as-a-service gangs, initial access brokers and nation-states, which use cryptomining as a financing tool.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/30/log4j-malware-sophos-vmware-horizon/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-12-10 CVE-2021-44228 Deserialization of Untrusted Data vulnerability in multiple products
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 186 83 405 205 107 800