Thursday, December 16, 2021

Hackers Use Log4Shell Bug to Roll Out Cyber Attacks Around the World

Attackers have used the Log4Shell vulnerability in Apache Log4j, a Java-based logging platform, to carry out potentially worldwide malware attacks.

Apache is a web server that runs on many operating systems and is used to serve and operate websites. The protocol that carries this web (WWW) traffic is HTTP.

The Bleeping Computer report says the Log4Shell vulnerability allows attackers to remotely execute commands on a vulnerable server by searching for a special string or by changing the browser's user agent to one.

Malicious actors can exploit the Log4Shell vulnerability to execute scripts that download and install various types of cryptominers.

Netlab 360 researchers report that the actors behind this threat exploited the vulnerability to install Mirai and Muhstik malware on affected devices.

These malware families recruit IoT devices and servers into a botnet and use them to deploy cryptominers and run large-scale DDoS attacks.

A report from Microsoft Threat Intelligence said the Log4j vulnerability was also exploited to drop Cobalt Strike. Cobalt Strike is used to attack devices, perform remote network surveillance, or carry out further commands.

For this reason, all users running servers that use Log4j are asked to install the latest version of Log4j, or the latest version of any application that uses Log4j, as soon as possible.
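Acting on this advice starts with finding every copy of Log4j on a server, including copies bundled inside application archives. The Python script below is an added example, not from the original article or from Apache; the function names and the archive extensions searched are assumptions, and the minimum version to compare against must be taken from Apache's current advisory because the article does not state one.

```python
import io
import re
import zipfile
from pathlib import Path

# Matches log4j-core-<version>.jar at the end of a file path or archive entry name.
CORE_JAR = re.compile(r"(?:^|/)log4j-core-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVE_EXT = (".jar", ".war", ".ear")  # assumption: archive types worth opening


def version_tuple(text):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def scan_archive(data, label, depth=0, max_depth=4):
    """Yield (location, version) for log4j-core JARs nested inside an archive."""
    if depth > max_depth:          # bound recursion on deeply nested archives
        return
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:     # wrong extension or corrupt file: skip it
        return
    with zf:
        for name in zf.namelist():
            if not name.lower().endswith(ARCHIVE_EXT):
                continue
            where = f"{label}!/{name}"
            match = CORE_JAR.search(name)
            if match:
                yield where, match.group(1)
            yield from scan_archive(zf.read(name), where, depth + 1, max_depth)


def find_log4j_core(root):
    """Walk `root` and return sorted (location, version) pairs for log4j-core."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or not path.name.lower().endswith(ARCHIVE_EXT):
            continue
        match = CORE_JAR.search(path.as_posix())
        if match:
            hits.append((str(path), match.group(1)))
        hits.extend(scan_archive(path.read_bytes(), str(path)))
    return sorted(hits)


def needs_upgrade(hits, minimum):
    """Return hits older than `minimum` (a version string from Apache's advisory)."""
    floor = version_tuple(minimum)
    return [(loc, ver) for loc, ver in hits if version_tuple(ver) < floor]
```

The scan relies on file names, so copies whose classes were merged into another JAR under a different name are not detected and need a separate check.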

