CISA and Coast Guard warn that Log4Shell is still the target of hackers


The United States Cybersecurity and Infrastructure Security Agency and Coast Guard Cyber Command today warned network defenders that Log4Shell vulnerabilities are still being targeted by hackers.

Log4Shell first appeared in December and refers to actively exploited vulnerabilities in Apache Log4j, an open-source logging library used by many companies. The initial vulnerability, along with the others that followed, allows hackers to gain access to affected systems. The exploits have been used not only by ordinary hackers but also by state-sponsored hacking groups.

The new warning indicates that threat actors, including state-sponsored advanced persistent threat groups, continue to exploit the original vulnerability, tracked as CVE-2021-44228, in VMware Horizon and Unified Access Gateway servers. Hackers are exploiting the vulnerability to gain access where organizations have not applied the available patches.

The full alert details several recent cases where hackers managed to exploit the vulnerability to gain access. In at least one confirmed compromise, the actors collected and exfiltrated sensitive information from the victim’s network.

CISA and the Coast Guard recommend that all organizations with affected VMware Horizon and UAG systems install the updated versions so that those systems are running the latest release.

The alert adds that organizations should always keep software up to date and prioritize patching known exploited vulnerabilities. Internet-facing attack surfaces should be minimized by hosting essential services on a segmented DMZ, enforcing strict access controls at the network perimeter, and not hosting internet-accessible services that are not essential to business operations.
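Prioritizing patches for a known exploited vulnerability starts with knowing where the affected library still lives. The following script is an added example, not code from the alert or from Apache: it walks a directory tree, opens every jar, reads the log4j-core `pom.properties` Maven metadata to get the version, and checks whether the `JndiLookup` class is present (Apache documented removing that class as a stopgap for systems that could not upgrade immediately). A version is treated as lacking the CVE-2021-44228 fix when it is a 2.x release below 2.15.0, other than the 2.12.2 and 2.3.1 backports. The sample jars in `demo()` are constructed in a temporary directory and contain only the metadata and a marker file, not real Log4j code.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Resource paths inside a real log4j-core jar (standard Maven layout).
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# The lookup class that performs JNDI resolution; Apache listed removing it from
# the jar as a mitigation for installations that could not upgrade right away.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def parse_version(text):
    """Map '2.14.1', '2.0-beta9' or '2.17' onto a comparable (major, minor, patch) tuple."""
    parts = []
    for piece in text.split(".")[:3]:
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable_version(version):
    """True when a log4j-core version predates the CVE-2021-44228 fix.

    Fixed in 2.15.0, with backports 2.12.2 (Java 7) and 2.3.1 (Java 6). Every
    other 2.x release below 2.15 is treated as affected (conservatively, this
    includes pre-2.0-beta9 builds). 1.x is outside the scope of this CVE.
    """
    major, minor, patch = parse_version(version)
    if major != 2 or minor >= 15:
        return False
    if minor == 12 and patch >= 2:
        return False
    if minor == 3 and patch >= 1:
        return False
    return True


def assess_jar(jar_path):
    """Read the version and JndiLookup presence from one jar; return a verdict string."""
    with zipfile.ZipFile(jar_path) as zf:
        names = set(zf.namelist())
        version = None
        if POM_PROPERTIES in names:
            for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        has_jndi = JNDI_LOOKUP_CLASS in names
    if version is None:
        return "not log4j-core"
    if not is_vulnerable_version(version):
        return f"fixed ({version})"
    if not has_jndi:
        return f"old but JndiLookup removed ({version})"
    return f"VULNERABLE ({version}) - patch now"


def scan_tree(root):
    """Walk a directory tree and assess every .jar; returns {path: verdict}."""
    return {str(p): assess_jar(p) for p in sorted(Path(root).rglob("*.jar"))}


def _write_jar(path, version=None, include_jndi=True):
    """Build a constructed sample jar (not a real Log4j build) for the demo."""
    with zipfile.ZipFile(path, "w") as zf:
        if version is not None:
            zf.writestr(
                POM_PROPERTIES,
                f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n",
            )
        if include_jndi:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only


def demo():
    """Scan a constructed tree holding four sample jars; returns {file name: verdict}."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp) / "lib"
        lib.mkdir()
        _write_jar(lib / "log4j-core-2.14.1.jar", "2.14.1")
        _write_jar(lib / "log4j-core-2.14.1-stripped.jar", "2.14.1", include_jndi=False)
        _write_jar(lib / "log4j-core-2.17.1.jar", "2.17.1")
        _write_jar(lib / "other-lib.jar", None, include_jndi=False)
        return {Path(p).name: v for p, v in scan_tree(tmp).items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Run `scan_tree("/opt")` (or any application root) to get a per-jar verdict; jars with a removed `JndiLookup` class are reported separately because that mitigation lowers exposure but does not replace upgrading. The script does not look inside nested jars (for example a log4j-core jar packed inside a WAR), so treat a clean result as a starting point rather than proof of absence.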

“This vulnerability followed a typical path – after the initial discovery, there was a flurry of patches by security-conscious organizations, and then it disappeared from the news,” Kumar Saurabh, CEO and co-founder of detection and managed response company LogicHub Inc., told SiliconANGLE. “But there are always servers that are missing or organizations that aren’t keeping up with patches.”

Saurabh added that vulnerabilities can stick around for a long time and continue to be exploited as long as there are gaps. “It’s critical that we remain vigilant about any achievement, even if it’s been ticked off the list as ‘completed,’” he said.

Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., noted that while patching can be a challenge and may even pose a real risk of failure if something goes wrong, any organization with internet-connected devices should have a system in place and perform testing to significantly reduce the risk.

“The advice issued by CISA and CGCYBER that unpatched VMware servers vulnerable to the Log4Shell remote code execution vulnerability should be considered already compromised only underscores the severity of this vulnerability and the capabilities of the actors who exploit it,” Kron said.

Image: Apache
