Log4J – Log4Shell – The latest threat and what you can do about it

What Happened and When?

In early December, LunaSec published a blog post with details regarding a vulnerability in the log4j2 library. This vulnerability quickly became known as “Log4Shell”, and CVE-2021-44228 was assigned to it.

Since then, Stratix Systems Cybersecurity Experts have been tracking threats taking advantage of CVE-2021-44228. CVE-2021-44228 has the highest criticality rating of CVSS 10.0 and is classified as a remote code execution (RCE) vulnerability under active exploitation in Apache Log4j v2. We have not identified vulnerabilities in our own software.

However, according to the LunaSec report, “Many, many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable.”

What Is Stratix Systems Seeing?

This is a highly critical vulnerability that may be the worst yet, according to the Department of Homeland Security (DHS). Our cybersecurity experts have already tracked hundreds of events affecting over 100 customers.

So far, the vast majority of observed activity has been scanning, but exploitation and post-exploitation activities have also been observed. Based on the nature of the vulnerability, once the attacker has full access and control of an application, they can pursue a range of objectives. Activities could include installing coin miners, deploying Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems.

Download our latest Stratix Dive white paper to learn more about the details of log4j2 and what you can do about

Have a question? Get an answer.

Whether you need support on a specific attack or you just have a question about cybersecurity, our experienced experts would be happy to answer your questions, help you explore your options and develop customized solutions for you. Call us toll-free 1-800-444-2943 and learn more at www.stratixsystems.com.
