Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Conti Ransomware Group Exploits Log4j Flaw to Compromise VMware Servers

published on 2021-12-20 14:12:26 UTC by CISOMAG
Content:

While organizations and security admins worldwide are immersed in mitigating the Log4j vulnerability effects, new exploits are being weaponized to entice more fear. Recently, security experts from AdvIntel revealed that Conti ransomware operators abused the Log4j flaw (CVE-2021-44228) to gain access to the internal VMware vCenter Server and encrypt vulnerable devices.

Weaponizing the Log4j Vulnerability

The researchers stated that Conti ransomware became the first sophisticated ransomware group weaponizing Log4j vulnerability. The threat actors targeted specific vulnerable VMware vCenter for lateral movement directly from the compromised network resulting in vCenter access affecting victims in the U.S. and European networks. AdvIntel has recommended that users and organizations patch their systems immediately to avoid further exploitation of the Log4j flaw.

Also Read: Log4j Explained: How It Is Exploited and How to Fix It

“AdvIntel discovered that multiple Conti group members expressed interest in exploiting the vulnerability for the initial attack vector resulting in the scanning activity leveraging the publicly available Log4j2 exploit. The current exploitation led to multiple use cases through which the Conti group tested the possibilities of utilizing the Log4j2 exploit. This is the first time this vulnerability has entered the radar of a major ransomware group,” the researchers said.

Several reports also stressed that threat actors exploited the Log4Shell flaw to deploy a new ransomware variant Khonsari and a remote access Trojan Orcus, using botnets like Mirai and Muhstik against vulnerable systems to spread malware.

Apache Issues Patches

The security concerns with Log4j continued to increase. After discovering the third critical vulnerability, the Apache Software Foundation (ASF) released one more patch. Tracked as CVE-2021-45105 (CVSS score: 7.5), the flaw is stemmed from the incomplete fix of Log4Shell vulnerability CVE-2021-44228. The flaw reportedly affects all versions from 2.0-beta9 to 2.16.0, allowing attackers to launch a DDoS attack.

“Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process,” ASF said in an advisory.

The post Conti Ransomware Group Exploits Log4j Flaw to Compromise VMware Servers appeared first on CISO MAG | Cyber Security Magazine.

Article: Conti Ransomware Group Exploits Log4j Flaw to Compromise VMware Servers - published almost 3 years ago.

https://cisomag.eccouncil.org/conti-ransomware-group-exploits-log4j-flaw-to-compromise-vmware-servers/   
Published: 2021 12 20 14:12:26
Received: 2021 12 20 14:26:10
Feed: Ciso Mag - All
Source: CISO Mag
Category: Cyber Security
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor