Bad Actors Continue to Exploit Log4Shell Vulnerabilities

Pietragallo Gordon Alfano Bosick & Raspanti, LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Pietragallo Gordon Alfano Bosick & Raspanti, LLP

Takeaway: CISA and CGYBER recommend all organizations who did not immediately apply available patches to assume Log4Shell compromise and initiate threat hunting activities.

In December 2021, the world was held hostage by hackers who found certain vulnerabilities in Log4Shell and exploited them. As part of this exploitation, suspected and advanced threat actors implanted loader malware on compromised systems with embedded directives enabling remote command and control. A confirmed compromise showed that these actors were able to infiltrate a disaster recovery network and collect sensitive data.

Cybersecurity agencies and governmental policy bodies acted immediately against these threats and released patches and Malware Analysis Reports MAR-10382580-1 and MAR-10382254-1 detailing hack workarounds. But the threat was omnipresent.

The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGYBER) recently released a warning in July to network defenders that cyber threat actors continue to exploit CVE-2021-4423 (Log4Shell) in VMware Horizon and Unified Access Gateway (UAG) servers to infiltrate organizations that failed to apply patches.

Organizations are encouraged to read MAR-10382254-1 which provides examples of malware samples including indicators of comprise (IOCs) and detection signatures.

What organizations must do now is:

  • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, organizations must treat all affected VMware systems as compromised.
  • Minimize the internet-facing attack surface by hosting essential services on a segregated demilitarized (DMZ) zone, ensuring strict network perimeter access controls, and implementing regularly updated web application firewalls (WAFs) in front of public-facing services.

For the full article and specific examples of Log4Shell threat events, go to:

https://www.cisa.gov/uscert/ncas/alerts/aa22-174a

* This blog is available for informational purposes only and is not considered legal advice on any subject matter. By viewing blog posts, the reader understands there is no attorney-client relationship between the reader and the blog publisher. The blog should not be used as a substitute for legal advice from a licensed professional attorney. 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pietragallo Gordon Alfano Bosick & Raspanti, LLP | Attorney Advertising

Written by:

Pietragallo Gordon Alfano Bosick & Raspanti, LLP
Pietragallo Gordon Alfano Bosick & Raspanti, LLP
Contact
more
less

Pietragallo Gordon Alfano Bosick & Raspanti, LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide