Hackers continue to take advantage of the Log4Shell vulnerability, says US CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Coast Guard Cyber Command (CGCYBER) have warned that advanced persistent threat (APT) actors, including state-sponsored groups, are still exploiting Log4Shell (CVE-2021-44228), specifically targeting unpatched, Internet-facing VMware Horizon and Unified Access Gateway (UAG) servers. Exploitation has been observed since at least December 2021, the same month in which Log4Shell was publicly disclosed.

“As part of this exploit, suspected APT participants planted add-on malware on infected systems with embedded executables that can execute remote command and control (C2),” CISA warned. “In a confirmed compromise, these APT participants were able to move laterally within the network, access the disaster recovery network, and collect and compromise sensitive data.”

The CISA advisory stresses that product security teams must take particular care to identify every piece of software that bundles a vulnerable Log4j version. According to our records, Log4Shell currently affects more than 1,800 products, so security teams should not stop at patching VMware Horizon and Unified Access Gateway servers.

We flagged Log4Shell's potential for significant impact in our 2021 Year-End Vulnerability Quick Look report, noting that it had accumulated more references than any other vulnerability, including Heartbleed, POODLE, and Spectre v2. Since that report was published, the number of affected products has grown by 11.6%, and we expect the total to keep rising as our vulnerability tracking continues and more vendors confirm affected products.

Log4Shell, tracked as CVE-2021-44228 (CVSS score: 10.0), is a remote code execution vulnerability in the Apache Log4j logging library, which is used by a wide range of consumer and enterprise services, websites, applications, and other products. An attacker who can get a crafted JNDI lookup string into any field the application logs can make the vulnerable application fetch and run attacker-controlled code.

Understanding the Vulnerability

To stop exploitation attempts against Log4Shell and other exploitable vulnerabilities, organizations need to know every supplier and product that is known to be affected. They also need visibility into vulnerabilities that have no CVE ID, since those never show up in CVE-based feeds and would otherwise leave a gap in their picture.

VulnDB has been tracking this information and compiling the details on its platform since the discovery of Log4Shell. Its vulnerability descriptions and solution entries spell out how the affected VMware products are exploited and how to remediate them, and VulnDB users can use this metadata to protect themselves from ongoing exploitation attempts.
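The identification step described above, finding every copy of a vulnerable log4j-core on a host including copies bundled inside WAR and EAR files, is something a security team can script. The scanner below is an added example written for this page; it is not code from CISA, VulnDB, Flashpoint or Vinchin. It walks a directory tree, opens every JAR/WAR/EAR/ZIP and recurses into nested archives, reads the log4j-core version from its Maven pom.properties, and classifies the copy as inside the CVE-2021-44228 range, mitigated (JndiLookup.class removed, the documented hot-patch), or not affected. The sample archives it writes to a temporary directory are constructed test data, not real Log4j builds, and the version-range logic covers CVE-2021-44228 only, not the later Log4j CVEs.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

# Added example (not code from the page's authors). Locates every copy of
# log4j-core on disk, including copies nested inside WAR/EAR files, and
# classifies each one against the CVE-2021-44228 affected range.

POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# Removing this class is the documented hot-patch mitigation for CVE-2021-44228.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1). Pre-release tags are reduced to their digits,
    so '2.0-beta9' -> (2, 0, 9); the 2.0 betas older than beta9, which predate
    the JNDI lookup, are not special-cased (simplification)."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def affected_by_44228(version):
    """True when the release is in the CVE-2021-44228 range: 2.0-beta9 up to
    2.14.1, except the backported fixes 2.12.2+ (Java 7) and 2.3.1+ (Java 6).
    The follow-on Log4j CVEs (45046, 45105, 44832) require newer floors."""
    major, minor, patch = version
    if major != 2:
        return False          # Log4j 1.x has no JndiLookup; out of scope here
    if minor == 12:
        return patch < 2
    if minor == 3:
        return patch < 1
    return minor < 15


def inspect_archive(data, path):
    """Yield one finding per log4j-core copy inside an in-memory archive,
    recursing into archives nested within it (e.g. WEB-INF/lib/*.jar)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = set(zf.namelist())
        if POM_PROPERTIES in names:
            props = zf.read(POM_PROPERTIES).decode("utf-8", "replace")
            match = re.search(r"^version=(.+)$", props, re.MULTILINE)
            version = match.group(1).strip() if match else ""
            has_jndi = JNDI_LOOKUP_CLASS in names
            if not version:
                status = "unknown"
            elif not affected_by_44228(parse_version(version)):
                status = "not affected"
            elif not has_jndi:
                status = "mitigated"   # class removed, lookup cannot run
            else:
                status = "VULNERABLE"
            yield {"path": path, "version": version or "?",
                   "jndi_lookup": has_jndi, "status": status}
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                yield from inspect_archive(zf.read(name), f"{path}!{name}")


def scan_tree(root):
    """Scan every archive under root and return the list of findings."""
    findings = []
    for file in Path(root).rglob("*"):
        if file.is_file() and file.suffix.lower() in ARCHIVE_SUFFIXES:
            findings.extend(inspect_archive(file.read_bytes(), str(file)))
    return findings


def build_sample_tree(root):
    """Write constructed sample archives (not real Log4j builds) under root."""
    root = Path(root)

    def fake_log4j_core(version, keep_jndi=True):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as jar:
            jar.writestr(POM_PROPERTIES,
                         "groupId=org.apache.logging.log4j\n"
                         f"artifactId=log4j-core\nversion={version}\n")
            if keep_jndi:
                jar.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # class stub
        return buf.getvalue()

    (root / "log4j-core-2.14.1.jar").write_bytes(fake_log4j_core("2.14.1"))
    (root / "log4j-core-2.17.1.jar").write_bytes(fake_log4j_core("2.17.1"))
    (root / "hotpatched-2.14.1.jar").write_bytes(fake_log4j_core("2.14.1", False))
    war = io.BytesIO()   # a web app bundling its own vulnerable copy
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.12.1.jar", fake_log4j_core("2.12.1"))
    (root / "app.war").write_bytes(war.getvalue())


def demo():
    """Build the sample tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['status']:<13} log4j-core {f['version']:<8} {f['path']}")
```

Point `scan_tree` at a real filesystem root (for example an application server's deployment directory) to use it outside the demo. Note that a "mitigated" result only means the JNDI lookup class is gone from that copy; a later upgrade that reintroduces the class would silently reopen the hole, so treat it as a stopgap and track the upgrade separately.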

Threat Actor Chatter About Vulnerabilities

Beyond the major vulnerabilities and supply chain/third-party problems they face, enterprises need to understand which vulnerabilities threat actors are actively discussing and looking to exploit in underground communities. That knowledge lets security teams prioritize patching of the vulnerabilities most likely to be exploited, such as Log4Shell.


Many more products beyond VMware Horizon and Unified Access Gateway may be exposed to CVE-2021-44228 right now. To see how to back up and disaster-proof your important data, sign up for a free Vinchin trial.

Vinchin Backup & Recovery provides a range of enterprise backup features that minimize the impact on business networks and production systems, improve the transfer efficiency of backup data, reduce the storage needed for backup data, and let users recover the relevant virtual machines and their data to a chosen point in time within seconds and resume business operations within minutes, all without touching the original backup data. Because the recovery process never modifies the original backup data, failure- or disaster-related downtime is reduced and the backup data itself remains intact and protected.

Vinchin Backup & Recovery offers Hyper-V backup and restore best practices that can be applied in a variety of scenarios to ensure critical data is fully protected against a range of threats. Supported virtual environments include VMware, XenServer/XCP-ng, Hyper-V, RHV/oVirt, OpenStack, Sangfor HCI, Oracle Linux Virtualization Manager, and Huawei FusionCompute (Xen Based). Vinchin Backup & Recovery v6.5 adds new features including oVirt backup for MSPs, Cross-Platform Recovery (V2V), Database Backup & Recovery, and Backup Data Encryption & Backup Storage Protection, among others.