Microsoft Sees Rampant Log4j Exploit Attempts, Testing

Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.

No surprise here: The holidays bought no Log4Shell relief.

Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library.

“We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks,” according to Microsoft.

The remote code execution (RCE) vulnerabilities in Apache Log4j 2 – CVE-2021-44228, CVE-2021-45046, CVE-2021-44832 – are collectively referred to as Log4Shell. Within hours of the initial flaw’s public disclosure on Dec. 10, attackers were scanning for vulnerable servers and unleashing quickly evolving attacks to drop coin-miners, Cobalt Strike, the Orcus remote access trojan (RAT). reverse bash shells for future attacks, Mirai and other botnets, and backdoors.

The new attack vector presented by Log4Shell is vast, severe and has ample potential for widespread exploitation. The flaw, which is uber-easy to exploit, is resident in the ubiquitous Java logging library

Read More: https://threatpost.com/microsoft-rampant-log4j-exploits-testing/177358/