8/29/2023

Malwarebytes solarwinds azure

January update – We added new information about an unrelated vulnerability we discovered while investigating Log4j attacks.

January update – Threat and vulnerability management can now discover vulnerable Log4j libraries, including Log4j files and other files containing Log4j, packaged into Uber-JAR files.

The remote code execution (RCE) vulnerabilities in Apache Log4j 2 referred to as “Log4Shell” (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) have presented a new attack vector and gained broad attention due to their severity and potential for widespread exploitation. The majority of attacks we have observed so far have been mass-scanning, coin mining, establishing remote shells, and red-team activity, but it’s highly likely that attackers will continue adding exploits for these vulnerabilities to their toolkits. With nation-state actors testing and implementing the exploit and known ransomware-associated access brokers using it, we highly recommend applying security patches and updating affected products and services as soon as possible. Refer to the Microsoft Security Response Center blog for technical information about the vulnerabilities and mitigation recommendations.

Meanwhile, defenders need to be diligent in detecting, hunting for, and investigating related threats. This blog reports our observations and analysis of attacks that take advantage of the Log4j 2 vulnerabilities. It also provides our recommendations for using Microsoft security solutions to (1) find and remediate vulnerable services and systems and (2) detect, investigate, and respond to attacks:

- Finding and remediating vulnerable apps and systems.
- Discovering affected components, software, and devices via a unified Log4j dashboard.
- Applying mitigation directly in the Microsoft 365 Defender portal.
- Microsoft 365 Defender advanced hunting.
January recap – The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers’ software and services. By nature of Log4j being a component, the vulnerabilities affect not only applications that use vulnerable libraries, but also any services that use these applications, so customers may not readily know how widespread the issue is in their environment. Customers are encouraged to utilize scripts and scanning tools to assess their risk and impact. Microsoft has observed attackers using many of the same inventory techniques to locate targets. Sophisticated adversaries (like nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities. There is high potential for the expanded use of the vulnerabilities.

In January, we started seeing attackers taking advantage of the vulnerabilities in internet-facing systems, eventually deploying ransomware. We have observed many existing attackers adding exploits of these vulnerabilities to their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks. Organizations may not realize their environments may already be compromised. Microsoft recommends that customers do additional review of devices where vulnerable installations are discovered. At this juncture, customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments. Due to the many software and services that are impacted and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance.
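As an added example (not code from the Microsoft post or from this page), here is the kind of inventory script the recap above and the Uber-JAR update refer to: it opens each archive with Python's zipfile module, recurses into jars bundled inside it, reads log4j-core's Maven pom.properties for the version and checks whether the JndiLookup class is still present. The version thresholds assume the CVE-2021-44832 fixed releases (2.17.1, 2.12.4, 2.3.2); the sample jar it builds is a constructed fixture, not a real artifact.

```python
import io
import zipfile

# Markers of a bundled log4j-core: its Maven metadata and the JNDI lookup class.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def is_fixed(version):
    # Releases carrying the CVE-2021-44832 fix: 2.17.1+, 2.12.4 (Java 7 line), 2.3.2 (Java 6 line).
    try:
        major, minor, patch = ([int(p) for p in version.split(".")[:3]] + [0, 0])[:3]
    except ValueError:
        return False  # pre-release or odd version string: treat as unfixed
    if major != 2:
        return major > 2
    if minor < 17:
        return patch >= {3: 2, 12: 4}.get(minor, 99)
    return (minor, patch) >= (17, 1)

def scan_archive(data, name, findings, depth=0):
    # Inspect one archive (bytes) and recurse into archives nested inside it (Uber-JAR, Spring Boot, WAR).
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if POM in names or JNDI in names:
                pom = zf.read(POM).decode("utf-8", "replace") if POM in names else ""
                version = next((ln.split("=", 1)[1].strip() for ln in pom.splitlines()
                                if ln.startswith("version=")), None)
                # An unknown version with JndiLookup still present is reported for review.
                findings.append({"path": name, "version": version, "jndi_lookup": JNDI in names,
                                 "vulnerable": not is_fixed(version) if version else JNDI in names})
            if depth < 5:  # bound recursion on deeply nested bundles
                for entry in names:
                    if entry.lower().endswith(ARCHIVES):
                        scan_archive(zf.read(entry), f"{name}!{entry}", findings, depth + 1)
    except zipfile.BadZipFile:
        pass  # not a zip container; nothing to inspect

def build_sample_uber_jar(version):
    # Constructed test fixture: an app jar bundling a fake log4j-core jar (not a real artifact).
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM, f"artifactId=log4j-core\nversion={version}\n")
        z.writestr(JNDI, b"\xca\xfe\xba\xbe")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("BOOT-INF/lib/log4j-core.jar", inner.getvalue())
    return outer.getvalue()
```

To inventory a deployment tree, call scan_archive(open(path, "rb").read(), path, findings) for each .jar, .war or .ear file found on disk; every finding names the nested path (outer.jar!inner.jar) so the exact bundled copy can be patched or removed.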