Security News
The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including recruiting devices into DDoS botnets and planting cryptominers. The threat actor can then direct such a botnet to perform DDoS attacks against a chosen target, depleting its resources and disrupting its online services.
Cybersecurity professionals from around the globe shared their experiences and opinions, revealing the severity and long-term consequences of the Log4j attack for both security teams and the organizations they protect.
Log4j vulnerability: The human impact
Industry professionals across the globe responded swiftly following the December 2021 disclosure of Log4j; 48% of cybersecurity teams gave up holiday time and weekends to assist with remediation.
There were a few common practices among organizations that felt they had prepared for or responded to Log4Shell effectively. Centralized logging, on the other hand, inevitably widens the attack surface for logging-based attacks such as Log4Shell.
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, stated in a public news interview that the now-infamous Log4j flaw is "the most serious vulnerability that [she has] seen in her career." It's not a stretch to say the whole security industry would agree. As you probably already know, on December 9 a remote code execution vulnerability was uncovered in the Log4j library, which is nearly ubiquitous in Java applications and software used all across the internet.
Most security practitioners are now aware of the Log4Shell vulnerability discovered toward the end of 2021. The past couple of months have had security teams scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library widely used to log error messages in applications.
An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploit the Log4Shell vulnerability in unpatched VMware Horizon servers. The payloads observed include cryptocurrency miners, Cobalt Strike Beacons, and web shells, corroborating a previous advisory from the U.K. National Health Service that sounded the alarm on active exploitation of the vulnerabilities in VMware Horizon servers to drop malicious web shells and establish persistence on affected networks for follow-on attacks.
Cybersecurity company Kaspersky said it logged and blocked 30,562 attempts by hackers to use the Log4Shell exploit, which was discovered in December 2021. Log4Shell targets Apache's Log4j library, which is used to log requests in Java applications.
The consequence of a Log4Shell attack is that the exploited server tries to download code from an internet site controlled by the attacker. If the server sits in a DMZ whose outgoing traffic to the internet is prohibited, then even a server on which the Log4Shell vulnerability has been exploited cannot download, and later run, that malicious code.
Anti-malware outfit Sophos has weighed in on Log4Shell, saying that the galvanization of the IT world to avert disaster would be familiar to those who lived through the Y2K era. The Log4Shell vulnerability turned up in the common-as-muck Apache Log4j logging library late last year.
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247, the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation," Microsoft Threat Intelligence Center said.