Over the past sixty days, the Ankura Cybersecurity team has worked with clients to solve cybersecurity challenges involving the rampantly exploited Log4Shell vulnerability, recent security changes within Meta (Facebook), and Russian government crackdowns against malicious cyber-activity, as well as a piece on the exponential growth seen in the use of obscure coding languages by threat actors.

The Ever-Evolving Log4Shell Vulnerability

Log4Shell is a vulnerability in Apache Log4j. Nation-state actors and ransomware groups have exponentially targeted the vulnerability. In the U.S. alone, threat actors are averaging 10 million attempts per hour. The FTC intends to take legal action against companies that leak consumer data as a result of failing to patch the security flaw.

Russian Activity Surrounding the New Year

There has been a significant increase in cyber activity throughout Russia and from Russian-backed threat intelligence operatives since the New Year. United States intelligence agencies have issued warnings regarding critical infrastructure organizations, citing threats by Russian nation-state threat groups. A recent Russian attack against Ukrainian energy companies caused massive blackouts throughout the country.

Meta Targets Phishing Campaigns and Cyber Mercenaries

In December, a lawsuit was filed by Meta, formally known as Facebook, against operators that allegedly have control of approximately forty thousand malicious phishing sites. Meta has reported damages of approximately five-hundred thousand U.S. dollars. Meta has banned seven cyber mercenaries and their hundreds of accounts associated with them.

Gophers Going Dark

Threat actors have exponentially adopted the programming language Golang, commonly referred to as Go. It is quickly becoming a favorite tool of threat actors because Go has a high barrier to entry, can bundle dependencies into a single binary, and can run cross-platform.