Microsoft has previously documented ransomware attacks on Minecraft servers via Log4Shell and access brokers compromising networks before selling access to ransomware-as-a-service affiliates. RECOMMENDED Bug bounty platforms handling thousands of Log4j vulnerability reports The attack surface is so sprawling that bug bounty platform HackerOne had received nearly 1,700 Log4j vulnerability reports to over 400 programs less than two weeks after the bug was publicly disclosed. The Log4Shell flaw, which has spawned four patches in Log4j so far, allows cybercriminals to launch remote code execution (RCE) attacks against vulnerable systems. In a security advisory last updated on December 23, VMWare said Horizon’s HTML Access component was vulnerable to Log4Shell exploits and provided remediation and mitigation steps.
In a ‘medium severity’ cyber alert published on January 5, the health system’s digital arm, NHS Digital, said the attack “uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service”, with a view to deploying ransomware or exfiltrating data. Microsoft’s latest Log4j security alert comes after the UK’s National Health Service (NHS) similarly warned of an unknown threat group attempting to gain a foothold on networks via attacks against VMware Horizon deployments running vulnerable versions of Log4j, an open source Java logging library.
Microsoft said the ransomware group directing the Horizon attacks, which it is tracking as ‘DEV-0401’, has previously deployed LockFile, AtomSilo, and Rook ransomware, as well as exploited CVE-2021-26084 in Atlassian Confluence and CVE-2021-34473 in on-premises Exchange servers. NightSky leverages the in-vogue ‘double extortion’ model and was identified by threat researchers from MalwareHunterTeam on January 1. When successful, the attacks – which began “as early as January 4” – result in the deployment of the NightSky ransomware.Ĭatch up with the latest ransomware news and attacks “Based on our analysis, the attackers are using command and control (CnC) servers that spoof legitimate domains,” said the software giant in a January 10 addition to its rolling ‘Log4Shell’ updates.
Microsoft says cybercrime group is attempting to deploy NightSky ransomwareĪ China-based ransomware operator has for the past week been actively exploiting the Log4j vulnerability in VMware Horizon, the desktop and app virtualization platform, Microsoft has warned.
0 kommentar(er)
