
Log4Shell Exploit Channelized to Launch DDoS and Cryptomining Attacks

Threats stemming from the Log4Shell vulnerability are far from over: attackers are still using it heavily to trigger attacks worldwide.

The critical flaw, which scored 10 out of 10 on the NIST's severity scale, first came to light in December 2021. Since its discovery, it has sparked concern among researchers that attackers would exploit it, because the affected component - the Log4j Java logging library - is embedded in many different devices. It impacts the default configurations of several Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, and Apache Flink.

Successful exploitation of the flaw involves sending a specific, attacker-crafted string to the Log4j software.

What does the latest report say?

  • According to a report by Barracuda, the volume of attacks attempting to exploit the Log4Shell vulnerability remained relatively constant over the past two months. 
  • The majority of attack attempts came from IP addresses in the U.S., followed by Japan, Central Europe, and Russia.
  • While researchers spotted various payloads leveraging the flaw, most of these were used to launch DDoS attacks and for planting cryptominers. 

More details on the Log4Shell exploit

  • Mirai and its other versions appeared in most of the attacks that made use of the Log4Shell exploit. 
  • The threat actors behind these operations used the Mirai variants either to build an army of bots or to extort companies by launching DDoS attacks.
  • Apart from Mirai, the BillGates and Muhstik botnets were also seen being dropped in multiple attacks exploiting vulnerable Log4j installations.
  • Researchers also logged Kinsing and XMRig among malware payloads used to mine cryptocurrencies. 

Patching devices helps prevent attacks

The simplest way to protect against these types of attacks is to update Log4j to version 2.17.1 or later and, more generally, to keep all web applications up to date. Additionally, users must check for firmware updates that address the Log4Shell vulnerability and apply them where available.
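As an added illustration of the patch advice above (example code written for this page, not code from Cyware or Apache), the script below walks a filesystem, reads each log4j-core jar's version from its manifest or filename, and flags anything below the 2.17.1 fix level. The `log4j-core-<version>.jar` naming pattern and the `Implementation-Version` manifest key are assumptions; copies shaded or nested inside other archives are not detected.

```python
"""Find Log4j 2 core jars on disk and flag versions below 2.17.1.
Added example, not Cyware's or Apache's code. Assumes jars are named
log4j-core-<version>[-suffix].jar or carry Implementation-Version in
META-INF/MANIFEST.MF; nested/shaded copies are out of scope."""
import os
import re
import sys
import zipfile

FIXED = (2, 17, 1)  # version named in the article as the fix level
NAME_RE = re.compile(r"^log4j-core-(\d+(?:\.\d+)*)(?:-[\w.]+)?\.jar$")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); missing parts become 0; None if unparsable."""
    m = re.match(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def needs_patch(version):
    """True when a Log4j 2.x version is below the 2.17.1 fix level."""
    v = parse_version(version)
    return v is not None and v[0] == 2 and v < FIXED


def version_from_jar(path):
    """Prefer the manifest's Implementation-Version, fall back to the filename."""
    try:
        with zipfile.ZipFile(path) as z:
            manifest = z.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        for line in manifest.splitlines():
            if line.startswith("Implementation-Version:"):
                return line.split(":", 1)[1].strip()
    except (zipfile.BadZipFile, KeyError, OSError):
        pass  # not a readable jar or no manifest: try the filename instead
    m = NAME_RE.match(os.path.basename(path))
    return m.group(1) if m else None


def scan(root):
    """Walk `root`; return [(path, version)] for log4j-core jars that need a patch
    or whose version could not be determined (reported as 'unknown')."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("log4j-core") and name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                version = version_from_jar(path)
                if version is None or needs_patch(version):
                    findings.append((path, version or "unknown"))
    return findings


if __name__ == "__main__":
    for path, version in scan(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"PATCH NEEDED: {path} (log4j-core {version})")
```

Run it with a root directory as the argument; an `unknown` finding means the jar was present but its version could not be read and should be checked by hand.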

Cyware Publisher