The recently discovered security flaw in the Java logging library Log4j is serious, trivial to exploit and affects a huge number of systems. The threat has now become even greater, because the well-known ransomware group Conti is already exploiting the vulnerability, known as “Log4Shell”. The IT security journalist Catalin Cimpanu reports this on the website The Record.
Attacks on VMware vCenter
Conti has been looking for the vulnerability since December 13 and is exploiting it, reports Cimpanu, based on a study by the security company Advanced Intelligence. According to this, Conti specifically tracks down servers running VMware vCenter, which are known to be susceptible to Log4Shell attacks. The ransomware group has already entered corporate networks via such systems.
This means that Conti is not the first ransomware gang to exploit this vulnerability, but it is probably the one with the greatest threat potential to date. The Conti group is a leading global “provider” of “Ransomware as a Service” and has also been extremely successful financially with this model. Extortion attacks by Conti’s malware have paralyzed numerous companies, institutions and authorities around the world, caused enormous damage and brought their creators many millions of US dollars in ransom.
The Conti extortion trojan is one of the most active of its kind, and the infrastructure behind it is professionally organized. The group has fallen into disputes over the distribution of the ransom with the “customers” who carry out raids using its tools – and so a frustrated “customer” leaked documents that describe the Conti procedure in detail, like an instruction manual.
Log4j 2.17.0 closes the vulnerability
In the meantime, the Apache Software Foundation has published a new version of the library: in Log4j 2.17.0, the vulnerability should be completely closed; the previous version 2.16.0 only partially corrected the problems and did not offer complete protection against attacks. Administrators should act immediately and, where possible, assess the risk of their systems being attacked.
(tiw)