Last week, the Dutch National Cybersecurity Centre (NCSC) issued a report stating that organizations should still be aware of risks connected to Log4j attacks and remain vigilant for ongoing threats.
In researching the attacks, the NCSC found that the majority of organizations had acted quickly enough to mitigate critical vulnerabilities, yet threat actors are still planning to breach new targets, and finding novel methods to do so.
“It is expected that malicious parties will continue to search for vulnerable systems and carry out targeted attacks in the coming period,” the Dutch cybersecurity agency said.
“It is therefore important to remain vigilant. The NCSC advises organizations to continue to monitor whether vulnerable systems are used and to apply updates or mitigating measures where necessary.”
“In addition, the NCSC advises directors to stay alert by informing themselves about Log4j and the possible impact of abuse on business continuity.”
Log4j exploits are appealing for hackers, both financially motivated and state-sponsored, as the open-source Apache Log4j logging library is used in countless systems across dozens of vendors. Even if a developer has not chosen to use Log4j directly, it is very likely that a library they rely on does.
Log4Shell, in particular, can be leveraged remotely on servers exposed to local or Internet access to allow attackers to move laterally through a network until they reach sensitive internal systems.
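The NCSC's advice to keep monitoring whether vulnerable systems are in use, combined with the point above that Log4j often arrives as a transitive dependency, is what makes inventorying deployed jars worthwhile. The following is an added example, not code from the article or from any of the organizations it quotes. It walks an application archive, recurses into nested jars (the Spring Boot `BOOT-INF/lib/` layout is assumed here), identifies `log4j-core` by its package prefix, reads the version from the manifest, and checks whether `JndiLookup.class` is still present. The 2.17.1 threshold is an assumption stated in the code (CVE-2021-44228 itself was fixed in 2.15.0, but the follow-up CVEs moved the recommended floor); the sample jar is constructed in memory so the script runs offline.

```python
import io
import re
import zipfile
from typing import Dict, List, Optional, Tuple

# Assumed threshold (not from the article): flag log4j-core 2.x releases older
# than 2.17.1. CVE-2021-44228 was closed in 2.15.0, but the follow-up CVEs
# (CVE-2021-45046, -45105, -44832) pushed the recommended floor to 2.17.1.
FIXED_VERSION: Tuple[int, int, int] = (2, 17, 1)
LOG4J_CORE_PREFIX = "org/apache/logging/log4j/core/"
JNDI_CLASS = LOG4J_CORE_PREFIX + "lookup/JndiLookup.class"
NESTED_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Turn '2.14.1' into (2, 14, 1); None if it does not look like a version."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def manifest_version(zf: zipfile.ZipFile) -> Optional[str]:
    """Read Implementation-Version from META-INF/MANIFEST.MF, if present."""
    if "META-INF/MANIFEST.MF" not in zf.namelist():
        return None
    manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    for line in manifest.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Implementation-Version":
            return value.strip()
    return None


def classify(version: Optional[str], has_jndi_lookup: bool) -> str:
    """patched / mitigated (JndiLookup removed) / vulnerable / unknown."""
    parsed = parse_version(version or "")
    if parsed is None:
        return "unknown"  # no usable version: needs manual review
    if parsed >= FIXED_VERSION:
        return "patched"
    return "vulnerable" if has_jndi_lookup else "mitigated"


def scan_jar_bytes(data: bytes, path: str) -> List[Dict[str, object]]:
    """Scan one archive, and every archive nested inside it, for log4j-core."""
    findings: List[Dict[str, object]] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"path": path, "version": None,
                 "has_jndi_lookup": False, "status": "unreadable"}]
    with zf:
        names = set(zf.namelist())
        if any(n.startswith(LOG4J_CORE_PREFIX) for n in names):
            version = manifest_version(zf)
            has_jndi = JNDI_CLASS in names
            findings.append({"path": path, "version": version,
                             "has_jndi_lookup": has_jndi,
                             "status": classify(version, has_jndi)})
        for n in sorted(names):  # recurse into fat-jar / war / ear contents
            if n.lower().endswith(NESTED_SUFFIXES):
                findings.extend(scan_jar_bytes(zf.read(n), f"{path}!/{n}"))
    return findings


def scan_jar_file(filename: str) -> List[Dict[str, object]]:
    with open(filename, "rb") as fh:
        return scan_jar_bytes(fh.read(), filename)


def summarize(findings: List[Dict[str, object]]) -> Dict[str, str]:
    return {str(f["path"]): str(f["status"]) for f in findings}


def _fake_log4j_core(version: str, keep_jndi_class: bool) -> bytes:
    """Constructed stand-in for a log4j-core jar: manifest plus a few entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nImplementation-Title: Apache Log4j Core\r\n"
                    f"Implementation-Version: {version}\r\n")
        zf.writestr(LOG4J_CORE_PREFIX + "LoggerContext.class", b"\xca\xfe\xba\xbe")
        if keep_jndi_class:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def build_sample_app_jar() -> bytes:
    """Constructed fat application jar that pulls in log4j-core three different ways."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n")
        zf.writestr("BOOT-INF/lib/log4j-core-2.14.1.jar", _fake_log4j_core("2.14.1", True))
        zf.writestr("BOOT-INF/lib/log4j-core-2.14.1-stripped.jar", _fake_log4j_core("2.14.1", False))
        zf.writestr("BOOT-INF/lib/log4j-core-2.17.1.jar", _fake_log4j_core("2.17.1", True))
    return buf.getvalue()


if __name__ == "__main__":
    for path, status in summarize(scan_jar_bytes(build_sample_app_jar(), "app.jar")).items():
        print(f"{status:>10}  {path}")
```

Point `scan_jar_file` at real archives to inventory a host. The "mitigated" verdict exists because removing `JndiLookup.class` was a widely used stopgap on systems that could not be upgraded immediately; a version-only check would wrongly report those as vulnerable, and a class-only check would miss old copies where the class is still present.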
After its disclosure, multiple threat actors started deploying Log4Shell exploits, including hacking groups linked to governments in China, Iran, North Korea, and Turkey and access brokers used by ransomware gangs.
The NCSC’s warning is well-timed, as multiple alerts of ongoing Log4j exploitation have been issued by government and private organizations around the world.
For instance, a report published by Microsoft on Wednesday mentions attempts made by unknown threat actors to propagate Log4j attacks to an organization’s internal LDAP servers by exploiting a SolarWinds Serv-U zero-day.
However, the attacks failed because the Windows domain controllers targeted in the incident were not vulnerable to Log4j exploits.
One week earlier, Microsoft warned of a Chinese threat actor tracked as DEV-0401 using Log4Shell exploits on Internet-exposed VMware Horizon servers to deploy Night Sky ransomware.
“As early as January 4, attackers started exploiting the CVE-2021-44228 vulnerability in internet-facing systems running VMware Horizon,” Microsoft said.
“Our investigation shows that successful intrusions in these campaigns led to the deployment of the NightSky ransomware.”
Microsoft’s reports were preceded by another alert, issued by the UK’s National Health Service (NHS) on January 5, about attackers targeting VMware Horizon systems with Log4Shell exploits.
Protection Against Log4j Vulnerabilities
SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always-on, military-grade VPN, but it also stops outside cyberthreats, malware, and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls, including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories.
Typically, a business or family would need 3 separate services for a VPN, malware protection, and internet controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers, at an economical price point that caters to businesses and families of all sizes. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employees’ or family members’ devices, including activity, time spent online, and threats blocked.