• XRATOR
  • Contact Us
  • Privacy & Policy
Conquer your risk
  • Home
  • Articles
  • News
  • Research
  • State of the art
No Result
View All Result
  • Home
  • Articles
  • News
  • Research
  • State of the art
No Result
View All Result
Conquer your risk
No Result
View All Result
Home Vulnerability & Weakness

If you have an unpatched Log4j, you can burn your network.

12 months after the Log4j storm, CISA and FBI jointly issued a warning to organizations: if you haven't patched, assume you are breached.

Gert Van de VenbyGert Van de Ven
December 22, 2022
in Malware, News, Vulnerability & Weakness
0
If you have an unpatched Log4j, you can burn your network.

Log4j is a Java-based logging utility used in numerous applications. It is designed to log information, determine how applications are running, and help with debugging errors. Unfortunately, the Log4j software has a severe critical vulnerability, which allows attackers to remotely execute code. This vulnerability, known as Log4Shell (CVE 2021-44228), affects a wide range of technology vendors, making it a major security concern.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint security notification advising companies that have not implemented crucial Log4j safety updates and corrections to their VMware Horizon server systems to assume that their networks have already been breached and take the necessary measures.

The log4shell vulnerability

The Log4Shell vulnerability is critical because it can allow attackers to remotely execute code on any device running Log4j version 2. This means that attackers can gain access to sensitive information, disrupt communications, and even take control of the device. Furthermore, because the vulnerability is widespread, millions of computers running online services are impacted by it. As such, it is important for organizations to take action to mitigate the vulnerability as soon as possible.

The Log4Shell vulnerability is closely related to a VMware Horizon servers vulnerability (CVE-2021-45046), as it can be exploited to gain access to unpatched public-facing servers. Attackers have been exploiting this vulnerability since December 2021, with multiple threat actor groups taking advantage of this vulnerability in order to deliver backdoors and cryptocurrency miners. As such, it is important for organizations to ensure that all VMware Horizon servers are properly patched and secured against this vulnerability.

After a Log4Shell exploitation, an attacker can use the access gained from the initial exploitation to move laterally through the network. This can be done by using the access gained from the vulnerability to find additional systems with vulnerable Log4J2 components, and then exploiting those systems in order to gain access to other networks and systems. Additionally, attackers can use the access gained from the initial exploitation to find shared credentials that can be used to access other systems, or to launch brute-force attacks to gain access to other systems. Finally, attackers can use the access gained from the initial exploitation to use other tools, such as PowerShell, to gain access to other systems.

Log4shell distributing cryptominers

The Advisory published by the CISA and the FBI released describes an unnamed Iranian-backed threat group has exploited the Log4Shell vulnerability in an unpatched VMware Horizon server to deploy XMRig cryptomining malware.

The attackers compromised the federal network after hacking into an unpatched VMware Horizon server and then set up reverse proxies on compromised servers to maintain persistence within the FCEB agency’s network. CISA warned in June 2022 that VMware Horizon and Unified Access Gateway (UAG) servers are still being preyed upon by multiple threat actors, including state-sponsored hacking groups, using Log4Shell exploits. CISA advised organizations with vulnerable VMware servers to assume they were breached and initiate threat-hunting activities.

Cryptominer malware can cause a wide range of problems for the user, including system instability, slow performance, excessive power consumption, and increased electricity bills. Additionally, cryptominer malware can open up a system to further malware attacks, or even data theft. Finally, cryptominer malware can reduce the lifespan of a system by causing overheating and other physical damage.

Conclusion

It is important to patch vulnerabilities that are actively exploited by cyber threats because they can be used to gain access to sensitive data and systems, disrupt operations, or even take control of a device. If the vulnerability remains unpatched, the threat actors can continue to exploit it and gain access to sensitive information, wreak havoc on an organization’s operations, or even gain control of the device. Therefore, it is important to patch any vulnerabilities that are actively being exploited by cyber threats as soon as possible in order to minimize the risk of a successful attack.
Tags: CryptominerIranLog4shell

Categories

  • Cybercrime
  • Malware
  • Vulnerability & Weakness
  • Threat Intelligence
  • Cyber Attacks
  • Cybersecurity
  • Offensive Security
  • Risk Management
  • Cyberdefense
  • Cyber Insurance

Popular News

  • Cybercriminals regularly hack into individual and organization network. They may steal password to sell them on the darkweb.

    4 websites to check if your password is in the darkweb

    0 shares
    Share 0 Tweet 0

  • 10 Essential Tools for IoT Pentesting

    0 shares
    Share 0 Tweet 0

  • Threat Modeling : from Software Security to Cyber Risk Management

    0 shares
    Share 0 Tweet 0

  • 8 TV Shows and Movies about Personal Data Abuse

    0 shares
    Share 0 Tweet 0

  • Understanding and Mitigating the Risk of Computer Memory Exploitation

    0 shares
    Share 0 Tweet 0

"Conquer Your Risk" is a corporate blog for Cybersecurity and Risk Management executives and specialists, sharing XRATOR experts' views on Cybersecurity, Threat Intelligence, Risk Management and Cyber Insurance.

Categories

  • Articles
  • Cyber Attacks
  • Cyber Insurance
  • Cybercrime
  • Cyberdefense
  • Cybersecurity
  • Malware
  • News
  • Offensive Security
  • Research
  • Risk Management
  • Scams
  • State of the art
  • Threat Intelligence
  • Uncategorized
  • Vulnerability & Weakness

Quick Links

  • XRATOR
  • Our Experts
  • Privacy Policy
  • Contact Us

XRATOR® – copyright 2020-2021

No Result
View All Result
  • Contact Us
  • Homepages

© 2018 JNews by Jegtheme.

Manage Cookie Consent
We use cookies to optimize our website and our service.
By closing this windows, you automatically deny non-functionals cookies.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Preferences
{title} {title} {title}
Manage Cookie Consent
We use cookies to optimize our website and our service.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Preferences
{title} {title} {title}