Log4Shell RCE Vulnerability Attracts Attention from Cybercriminals
Cybercriminals are always on the prowl for new vulnerabilities that they can use to aid their attacks. One of the popular, recent vulnerabilities is called Log4Shell. It affects the Apache Log4j logging platform, which is used to manage Web server and application logs. The vulnerability allows for Remote Code Execution (RCE,) which enables criminals to perform all sorts of tasks on affected devices. While the critical security issue has already been patched with the release of Log4j 2.15.0, there are still thousands of systems that are running older, vulnerable version of the service.
What Payloads Are Abused Alongside the Log4Shell Vulnerability?
Although the Log4Shell vulnerability has been public for just a few days, there are already plenty of threat groups taking advantage of it. Some of the more notorious attacks executed with the use of the Log4Shell vulnerability include:
- Planting cryptocurrency mining malware with the use of the Kinsing backdoor Trojan. This particular campaign uses a complex set of shell scripts, which perform various tasks on infected devices – such as disabling services consuming hardware resources, and wiping out other cryptomining malware. The latter step is common when talking of cryptocurrency mining Trojans since their operators do not want any other malware interfering with their operations.
- The Log4Shell vulnerability has also been in use by operators of botnets based on Mirai and Mushtik. The criminals behind these operations are likely to harvest the hardware and network resources of the infected systems to execute distributed-denial-of-service (DDoS) attacks.
- Planting cracked Cobalt Strike beacons. This popular penetration testing framework is regularly misused by cybercriminals who have malicious intentions.
As you can see, cybercriminals waste no time when it comes to exploiting the latest vulnerabilities in Internet-facing software and services. Stay ahead of them by regularly applying the latest software updates and firmware patches, ensuring the security of your devices.