The serious vulnerability in Apache's widely used Log4j project, known as Log4Shell, has not caused the calamity that was predicted, but it is still being exploited, primarily from cloud servers in the United States. Because it was reasonably straightforward to exploit, and because the Java logging library is embedded in many different services, Log4Shell drew immediate attention over concerns that it would be widely abused by attackers.
According to a Barracuda study, the targeting of Log4Shell has fluctuated over the last few months, but the frequency of exploitation attempts has remained fairly stable. Barracuda found that the majority of exploitation attempts originated in the United States, followed by Japan, Central Europe, and Russia.
Researchers discovered the vulnerability in Log4j version 2.14.1 in December 2021. Reportedly, all prior versions were also vulnerable to CVE-2021-44228, known as "Log4Shell," a significant zero-day remote code execution bug.
Log4j's maintainer, Apache, attempted to fix the problem by releasing version 2.15.0. However, further vulnerabilities and security flaws prolonged the patching race until the end of the year, when version 2.17.1 ultimately fixed all known issues.
Mirai malware assembles a botnet of remotely controlled bots by infecting publicly exposed network cameras, routers, and other devices. The threat actor can then use this botnet to launch DDoS attacks on a single target, exhausting its resources and disrupting its online services. The actors behind these operations either rent the botnet's firepower to others or run DDoS attacks themselves to extort money from businesses.
Other payloads discovered in current Log4j exploitation include:
- BillGates (DDoS)
- Kinsing (cryptominer)
- XMRig (cryptominer)
- Muhstik (DDoS)
The payloads range from harmless online pranks to crypto-mining software, which uses other people's computers to solve equations and earn the attacker cryptocurrency such as Monero.
The simplest way to protect against these attacks is to update Log4j to version 2.17.1 or later and to keep all web applications up to date. Even if most threat actors lose interest, some will continue to target insecure Log4j deployments, since the numbers are still significant.
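Knowing which deployments still run a version below 2.17.1 is the first step of that update. The script below is an added example, not code from the article or from the Apache Log4j project: it walks a directory tree, picks out `log4j-core` jars by the standard Maven file-name convention (`log4j-core-<version>.jar`, an assumption about how the jars were packaged), parses the version, and flags anything on the 2.x branch below 2.17.1 as needing an update. The sample paths in `main()` are constructed for illustration; the directory to scan is taken from the command line.

```python
"""Audit a directory tree for Log4j 2 core jars older than 2.17.1.

Added example, not from the original article or the Log4j project.
Assumes the standard Maven artifact naming (log4j-core-<version>.jar);
the 2.17.1 threshold is the fixed version named in the article.
"""
import os
import re
import sys
from typing import Iterator, List, Optional, Tuple

Version = Tuple[int, int, int]

# Version the article names as the one that fixed all known issues.
FIXED_VERSION: Version = (2, 17, 1)

# log4j-core-2.14.1.jar, log4j-core-2.0-beta9.jar, /path/log4j-core-2.17.1.jar ...
JAR_RE = re.compile(r"^log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-[\w.]+)?\.jar$")


def parse_version(path: str) -> Optional[Version]:
    """Return (major, minor, patch) from a log4j-core jar file name, or None
    if the file is not a log4j-core jar (log4j-api, unrelated jars, ...)."""
    m = JAR_RE.match(os.path.basename(path))
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def status(version: Version) -> str:
    """Classify a parsed version against the article's update threshold.

    Tuple comparison orders versions numerically, so 2.9.1 < 2.17.1 even
    though "2.9.1" > "2.17.1" as strings."""
    if version[0] != 2:
        # Log4j 1.x is a separate, unsupported code base; report it for
        # review rather than silently calling it "ok".
        return "end-of-life"
    return "update" if version < FIXED_VERSION else "ok"


def find_jars(root: str) -> Iterator[str]:
    """Yield every log4j-core jar under root (follows the naming assumption above)."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("log4j-core-") and name.endswith(".jar"):
                yield os.path.join(dirpath, name)


def audit(paths) -> List[Tuple[str, str, str]]:
    """Return (path, version string, status) for each candidate jar path."""
    results = []
    for p in paths:
        v = parse_version(p)
        if v is None:
            results.append((p, "?", "unknown"))
        else:
            results.append((p, ".".join(map(str, v)), status(v)))
    return results


def main(argv: List[str]) -> int:
    if len(argv) > 1:
        paths = list(find_jars(argv[1]))
    else:
        # Constructed sample paths so the script demonstrates itself offline.
        paths = [
            "/opt/app-a/lib/log4j-core-2.14.1.jar",
            "/opt/app-b/lib/log4j-core-2.17.1.jar",
            "/opt/legacy/lib/log4j-core-1.2.17.jar",
        ]
    rows = audit(paths)
    for path, version, verdict in rows:
        print(f"{verdict:12} {version:8} {path}")
    # Non-zero exit when anything needs an update, so the check can gate a pipeline.
    return 1 if any(r[2] == "update" for r in rows) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python audit_log4j.py /opt` to scan a real tree; with no argument it audits the constructed sample list. The exit code makes it usable as a pre-deployment gate, and jars bundled inside WAR or EAR archives are not unpacked here, so those still need a separate archive scan.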
Security updates have been applied at high-value firms, which were lucrative targets for ransomware attacks, but neglected systems still running earlier versions remain easy targets for crypto mining and DDoS attacks.