Log4j flaw: Attackers are making thousands of attempts to exploit this severe vulnerability
Cybersecurity researchers warn over attackers scanning for vulnerable systems to install malware, steal user credentials, and more.
Cyber attackers are making over a hundred attempts to exploit a critical security vulnerability in Java logging library Apache Log4j every minute, security researchers have warned.
Log4j is used in many forms of enterprise and open-source software, including cloud platforms, web applications and email services, meaning that there's a wide range of software that could be at risk from attempts to exploit the vulnerability.
Attackers are already attempting to scan the internet for vulnerable instances of Log4j, with cybersecurity researchers at Check Point warning that there are over 100 attempts to exploit the vulnerability every minute.
Meanwhile, cybersecurity researchers at Sophos have warned that they've detected hundreds of thousands of attempts to remotely execute code using the Log4j vulnerability in the days since it was publicly disclosed, along with scans searching for the vulnerability.
There are already active examples of attackers attempting to leverage Log4j vulnerabilities to install cryptocurrency-mining malware, while there are also reports of several botnets, including Mirai, Tsunami, and Kinsing, that are making attempts to leverage it.
Researchers at Microsoft have also warned about attacks attempting to take advantage of Log4j vulnerabilities, including a range of cryptomining malware, as well as active attempts to install Cobalt Strike on vulnerable systems, something that could allow attackers to steal usernames and passwords.
And while cyber criminals attempting to leverage Log4j vulnerabilities to install cryptomining malware might initially appear to be a relatively low-level threat, it's likely that higher-level, more dangerous cyber attackers will attempt to follow.
"I cannot overstate the seriousness of this threat. On the face of it, this is aimed at cryptominers but we believe this creates just the sort of background noise that serious threat actors will try to exploit in order to attack a whole range of high-value targets such as banks, state security and critical infrastructure," said Lotem Finkelstein, director of threat intelligence and research for Check Point.
The severity of the vulnerability in such a widely used library means that organisations and technology vendors are being urged to counter the threat as soon as possible.
Source (Danny Palmer – 13 December 2021 – ZDNet)