Site icon TechNewsBoy.com

Log4Shell flaw: Still being used for crypto mining, botnet building… and Rickrolls | ZDNet

Log4Shell, the critical bug in Apache’s widely used Log4j project, hasn’t triggered the disaster that was feared, but it’s still being exploited and predominantly from cloud computers in the US. 

The Log4Shell vulnerability came to light in December and sparked concern that it would be exploited by attackers because it was relatively easy to do and because the Java application logging library is embedded in many different services.

Microsoft has observed Log4Shell being used by state-sponsored and criminal attacks but early on found it was mostly being used for coin mining and ransomware. It advised customers to “assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments.”

SEE: Linux malware attacks are on the rise, and businesses aren’t ready for it

The Cybersecurity and Infrastructure Security Agency warned that, while it hadn’t seen any major breach happen due to the flow, attackers might be waiting to use access gained through Log4Shell until alert levels fall. Oracle, Cisco, IBM and VMware have spent the past two months releasing patches for affected software. 

Barracuda Networks, a maker of network security appliances, has now said that Log4Shell attacks are happening at consistent levels. However, it hasn’t found evidence of an onslaught of attacks. 

“The majority of attacks came from IP addresses in the U.S., with half of those IP addresses being associated with AWS, Azure and other data centers. Attacks were also being sent from Japan, Germany, Netherlands, and Russia,” it notes

It adds that these IP addresses are linked to scans and attempted intrusions, which mean the scans could be from researchers or attackers. 

The payloads range from trivial internet memes to the somewhat more serious category of crypto-mining malware that uses another person’s hardware to solve equations that earn the attacker crypto such as Monero. 

One, for example, attempts to delivery a “relatively benign (or depending on your viewpoint, very annoying) payload” in the form of a a YouTube video that plays Rick Astley’s “Never Gonna Give You Up.” 

“I do wonder if anyone was actually Rick-Rolled by this one. It is, as noted earlier, a benign payload in my opinion, but one that will get you patching very quickly!” says Baracuda’s Tushar Richabadas.

Other notable malware it reports being used in connection with Log4Shell include the distributed denial of service (DDoS) malware called BillGates. It’s an old piece of malware that has no connection with Microsoft’s co-founder and that targets Linux machines. Log4Shell has also been used to deploy Mirai DDoS malware, which is often used in conflicts between online gamers.  

Barracuda has seen also seen Log4Shell being used to deploy cypto miners Kinsing and XMRig, as well as the Muhstik DDoS malware. 

Overall, Barracuda’s report suggests there is no change in the threat level from Log4Shell than was the case in January. 

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version