A whole new ransomware strain is exploiting Log4j

Tajammul Pangarkar

Updated · Dec 22, 2021


The Log4j vulnerability is so potent that it appears to have brought many of the retired and inactive malicious actors out of the woodwork. 

Multiple cybersecurity researchers, including those from Sophos and Curated Intelligence, are now saying that they’ve spotted an attempted distribution of TellYouThePass, an old ransomware strain that was deemed inactive, through the Log4Shell vulnerability. 

According to the researchers, the ransomware, last seen in July 2020, is being used against targets in China, the U.S., and Europe, including Amazon and Google cloud services. The malicious actors are targeting both Windows and Linux devices, with the Linux version able to steal Secure Shell (SSH) keys and perform lateral movement.

Threat incoming?

Abusing Log4j to distribute ransomware is not that widespread just yet, the researchers say, noting that they have yet to observe any activity from ransomware deployed this way.

However, that doesn’t mean ransomware operators aren’t moving in that direction. It could mean that they’re still in the reconnaissance phase, moving through compromised networks, mapping out endpoints and identifying key data. 

Speaking to VentureBeat, Cisco Talos threat researcher Chris Neal says that evading detection is the priority for malicious actors at this stage: “After initial access, these attackers will commonly choose to gain persistence, and then minimize their footprint to prevent detection and perform reconnaissance,” Neal said. “This type of behavior may account for the lack of ransomware campaigns utilizing this exploit being observed.”

Moving away from cryptomining

For the moment, cryptomining seems to be the most popular way to abuse the Log4j flaw, but with ransomware offering a much higher – and faster – ROI, researchers are expecting threat actors to pivot quickly.

“Some of these small things, like a crypto miner, can end up just being that first stage of attack,” Roger Koehler, vice president of threat ops at Huntress, told VentureBeat. “Because they can go and sell that access on the black market. And somebody bigger and badder may buy that and do something more detrimental, like a ransomware attack.”

Ultimately, “those crypto miners can seem small, but that can escalate to something bigger.”


Via: VentureBeat


Tajammul Pangarkar is a CMO at Prudour Pvt Ltd. Tajammul's longstanding experience in the fields of mobile technology and industry research is often reflected in his insightful body of work. His interest lies in understanding tech trends, dissecting mobile applications, and raising general awareness of technical know-how. He frequently contributes to numerous industry-specific magazines and forums. When he's not ruminating about various happenings in the tech world, he can usually be found indulging in his next favorite interest: table tennis.