The Dutch National Cybersecurity Centre (NCSC) warns organizations to remain vigilant for possible attacks exploiting the Log4j vulnerability.
Partly due to the rapid action of many organizations, the extent of active abuse appears to be limited at the moment. But that doesn’t mean it stops there. Malicious parties are expected to continue searching for vulnerable systems and carrying out targeted attacks in the coming period. It is therefore important to remain vigilant.
The NCSC advises organizations to continue to monitor whether vulnerable systems are in use and to apply updates or mitigating measures where necessary. In addition, the NCSC advises directors to stay alert by informing themselves about Log4j and the possible impact of abuse on business continuity.
The risk that cybercriminal groups and nation-state actors could exploit Log4j vulnerabilities in future attacks is still high.
Microsoft recently posted a warning about a new campaign by a China-based actor it tracks as DEV-0401, which exploits the Log4Shell vulnerability on VMware Horizon systems exposed on the internet to deploy Night Sky ransomware.
Ransomware gangs have exploited Log4Shell in their attacks; the Conti ransomware gang was the first group to exploit the CVE-2021-44228 flaw, doing so since mid-December.
Researchers discovered that threat actors were attempting to exploit the Log4Shell vulnerability to deliver Khonsari ransomware on Windows machines.
The NCSC will continue to share information through its website and GitHub repository. The latter contains operational information regarding the Log4Shell vulnerability in the Log4j logging library, especially CVE-2021-44228 and CVE-2021-45046, and also covers CVE-2021-4104 and CVE-2021-45105.