A new vulnerability has appeared just at the end of this year, which shows that there will always be something to watch for in cybersecurity, no matter the time of year. This time it is a completely new vulnerability called Log4J, an exploit that allows a quick attack on computers running Windows and leads to other threats. This article gives details of how Log4J works.
Log4J can infect devices with ransomware
Bitdefender reported the vulnerability and classified it as an exploit. The company also confirmed that cybercriminals are already taking advantage of it to attack devices running Windows. Thanks to Log4J, a new ransomware family called Khonsari can be inserted into the system, ultimately infiltrating a Trojan named Orcus.
The entry method is simple: attackers take advantage of a remote code execution flaw to download a .NET binary from a remote server. After the download, all files are encrypted with the extension “.khonsari.”
Log4J is evolving rapidly; there have already been reports of cryptocurrency miners being run, theft of data and credentials, and leaks of classified information. Many of these attempts have been carried out in the following countries: Russia, Brazil, the United States, Germany, Italy, and even Mexico. Surprisingly, China is one of the countries with the fewest attack attempts under this exploit.
CISA is working on it
This exploit was also named Log4Shell, and CISA has added it to the Catalog of Exploited Vulnerabilities. In addition, the agency issued a warning urging other federal entities to work quickly on patches and protect their systems from Log4J. Other agencies in countries such as Canada, the United Kingdom, and Austria have begun to patch their systems.
Jen Easterly, Director of CISA, commented that: “This vulnerability represents a serious risk… It presents an urgent challenge for defenders… Vendors should also communicate with their customers to ensure that users know that their product contains this vulnerability and should prioritize software updates.”
Log4J is the new threat that cybersecurity professionals face just at the end of the year, proving once again that threats do not sleep and that cybercriminals pay no attention to the festive season. Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.