Experts warn Log4j attackers are switching tactics to make money

EXPERTS warn that Apache Log4j threat actors are switching up their method to secure resources for Monero mining.

Some of the attackers exploiting the Apache Log4j vulnerability, which experts predict could last for years, have moved from using LDAP to RMI in an attempt to maximize their chances of success.

Apache Log4j attackers are switching up their tactics

Up until recently, most of the attacks on the Java-based logging utility have been through a service called LDAP, or Lightweight Directory Access Protocol.

Now hackers have found that by switching to RMI (Remote Method Invocation) they can sometimes avoid additional security checkpoints.

Additionally, as some JVM (Java Virtual Machine) versions are built with less-strict features, RMI can sometimes be an easier road to achieving RCE (remote code execution) than LDAP.

Juniper Labs has found that some of the threat actors are actually using both LDAP and RMI to attack Log4j’s vulnerability in the hopes of increasing their chances of success.

Some of the attackers appear to have one goal in mind: hijack resources to mine Monero, an unusual type of cryptocurrency.

Threat actors have described the activity as something that “ain’t going to harm anyone else,” according to Juniper Labs’ report.

The cybersecurity world has been on high alert ever since the vulnerability, which puts systems running Apache Log4j version 2.14.1 or below at risk of being compromised, was discovered last week.

“As soon as I saw how you could exploit it, it was horrifying,” Peter Membrey, chief architect of ExpressVPN, said.

“Like one of those disaster movies where there’s a nuclear power plant, they find it’s going to melt down, but they can’t stop it. You know what’s coming, but there are very limited things you can do.”

Experts have been desperately trying to identify vulnerable programs as well as prevent exploits wherever possible, but the list of the affected software, as compiled by the Cybersecurity and Infrastructure Security Agency (CISA), is hundreds long.

Meanwhile, the number of affected applications, experts believe, is undoubtedly in the thousands.

“I ran queries in our database to see every customer who was using Log4j in any of their applications, and the answer was: every single one of them that has any applications written in Java,” Jeremy Katz, co-founder of Tidelift, said.

The Java-based logging utility has been the victim of thousands of attacks daily, as of late.
