Botnet, coin miners, ransomware: where is the Log4Shell threat?


The Log4shell flaw is far from a thing of the past. Microsoft cybersecurity teams point to massive exploitation of the vulnerability in multiple forms.

The year 2022 is off to a strong start. The Microsoft Threat Intelligence Center (MSTIC) report, updated on January 3, 2022, explains that the threats related to the Log4shell flaw are not diminishing, far from it. This vulnerability, discovered on December 10, 2021, affects Log4j, a widely used library for the Java programming language. It is particularly serious because it offers attackers a wide range of possibilities.

Malicious actors quickly exploited it. The first ransomware attacks were observed in the first days after the discovery, mainly on Linux systems and more marginally on Windows systems, according to a report from Bitdefender. And the Microsoft teams point out that "exploitation attempts and scans (of the flaw, by hackers or cybersecurity researchers, editor's note) remained high during the last weeks of December."

Malware kits, coin miners, botnets …

The MSTIC specifies that it has observed a wide variety of attacks, and in particular the adaptation of already known malware and attack toolkits. Among them are coin miners, malicious software that uses the infected machine to mine cryptocurrencies for the benefit of the hacker. There are also more sophisticated attacks described as "hands-on-keyboard": attacks that do not rely only on automation, but also on the hacker's direct participation in the attack, for example by entering commands in real time.

The Microsoft report also mentions other attack modes that use Log4shell, such as "reverse shells", attacks that bypass protections such as firewalls by abusing a server's open ports. Not to mention well-known botnets like Mirai, malware that enrolls devices into a network of infected machines. Hackers can then take control of these to carry out massive attacks, such as distributed denial of service (DDoS).

Botnets take control of machines to carry out massive attacks // Source: Wikimedia Commons – Tom-B

Attacks that push the US authorities to react

As The Hacker News spotted, the massive exploitation of this flaw worries even the authorities of the United States. The Federal Trade Commission issued a warning on January 4 regarding the original Log4shell flaw, tracked as CVE-2021-44228, which has since been followed by the discovery of three other major flaws in Log4j.

And the Federal Trade Commission doesn't stop at advice: it goes so far as to warn that the agency "intends to use its full legal authority to prosecute businesses that fail to take reasonable steps to protect customer data" in the face of the vulnerabilities known as Log4j. A strong stance, which has no equivalent in France for the moment.
