Microsoft on the Log4j: you may not know you're compromised
Tech giant warned of threat actors' continued attempts to exploit the recently discovered vulnerability for malware deployment.
"Exploitation attempts and testing have remained high during the last weeks of December," Microsoft Threat Intelligence Center (MSTIC) said in a recent situation update.
Everybody's trying to cash in on the vulnerability. Sophisticated, state-sponsored adversaries and commodity-driven threat actors all are internalizing the explosive potential of the Log4j.
"Customers are encouraged to utilize scripts and scanning tools to assess their risk and impact. Microsoft has observed attackers using many of the same inventory techniques to locate targets," MSTIC claims.
Researchers at Microsoft claim to have observed attackers updating their malware kits and tactics with exploits related to the Log4j vulnerability. According to MSTIC, everything from coin miners to human-led attacks are updated with Log4j exploits.
"Organizations may not realize their environments may already be compromised," Microsoft warned ominously, adding that companies should employ broad scanning tactics to identify all devices with vulnerable installations.
The 'nuclear' vulnerability
Apache Software Foundation disclosed the remote code execution (RCE) vulnerability in Apache Log4j, also known as Log4Shell, on December 10.
The exploit of the vulnerability results in an RCE attack by logging a certain string in the module. Log4j is used by billions of devices worldwide or integral in the software supply chain.
Log4j is a Java-based logging library used in software on all major operating systems. Everyday use of the utility coupled with the vulnerability allowing RCE attacks got pundits talking of a 'Fukushima moment' for cybersecurity, dubbing LogShell the most critical vulnerability in the past decade.
In the following weeks, four additional Log4j related weaknesses were identified (CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, CVE-2021-44832), expanding the diversity of possible attacks.
Attempts to exploit the vulnerability for ransomware deployment came to light days after it was publicly disclosed. The Belgian defense ministry was hit by a cyberattack when threat actors exploited a vulnerability in Log4j utility.
Crowdstrike witnessed a Chinese espionage group, AQUATIC PANDA, using the Log4j bug to attack an unnamed academic institution.
Microsoft has observed HAFNIUM, a threat actor group operating out of China, utilizing the vulnerability to attack virtualization infrastructure to extend their typical targeting.
The Cybersecurity and Infrastructure Security Agency (CISA) recently published an open-sourced log4j-scanner, designed to help organizations identify potentially vulnerable web services affected by the Log4j vulnerabilities.
More from CyberNews:
Subscribe to our newsletter