Threat actors ramped up exploit efforts and testing in the final weeks of December, according to Microsoft’s latest update on the Apache Log4j logging library issues.
“We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks.” – Microsoft
More than 1.8 million attacks attempting to exploit the bugs were conducted against almost half of the corporate networks on Dec. 15, using at least 70 different malware families.
What is Log4Shell?
Log4Shell refers to the remote code execution (RCE) issues in Apache Log4j 2. Within hours of the first flaw’s public disclosure on 10 December, attackers were probing for susceptible servers and launching rapidly evolving attacks that included Cobalt Strike, coin miners, the Orcus remote access trojan (RAT), Mirai, reverse bash shells for future attacks, and other backdoors and botnets.
