Bitdefender Labs experts are observing numerous ongoing attacks that exploit the Log4j vulnerability. They can confirm successful attacks that deploy cryptominers as well as attempted ransomware attacks.
The most important findings of an initial Bitdefender assessment at a glance:
- The cyber criminals are trying to deploy a new ransomware family, Khonsari. After initially targeting Linux servers, the attackers are now also attacking Microsoft Windows systems.
- Attackers are also trying to deploy the remote access Trojan (RAT) Orcus via the vulnerability. They attempt to download shellcode from hxxp://test.verble.rocks/dorflersaladreviews.bin.encrypted and inject it into the memory of the conhost.exe process. This shellcode decrypts and loads further malicious payloads into memory, which connect Orcus to its command-and-control servers.
- Cyber criminals use reverse bash shells to try to gain access to systems for follow-up actions. This is relatively easy to do. As a result, more extensive attacks are highly likely.
- Bitdefender experts are already monitoring numerous botnets that exploit the vulnerability to install backdoors in new victim networks and so expand the botnet. A first example of this is Muhstik. Botnets thrive on their size. The growth of these networks is a good indicator of the risk a vulnerability poses.
Bitdefender offers a complete overview in its latest English report.