SolarWinds and ZyXEL devices are being attacked by cybercriminals scanning for the Log4Shell vulnerability (also known as the Log4j vulnerability). According to two reports published by Microsoft and Akamai, these devices are known to contain the Log4j library in their software.
The attacks that require the most immediate attention are the ones Microsoft reported. Microsoft stated that it uncovered a threat actor exploiting Log4Shell together with a zero-day vulnerability in the SolarWinds Serv-U file-sharing server.
Microsoft stated that it notified SolarWinds, which released a patch on Tuesday. The vulnerability is labeled CVE-2021-35247.
Microsoft described the vulnerability as an input validation problem in the Serv-U web login screen: the attackers used the zero-day to bypass input validation on the login process with the help of non-standard characters, then exploited Log4Shell to take control of the Serv-U servers.
Apart from these attacks, researchers reported tracking a Mirai DDoS botnet targeting ZyXEL networking devices.
While the topic no longer dominates the news, the situation around the Log4Shell exploit hasn’t changed much since last month: the vulnerability continues to be exploited by threat actors targeting corporate networks.
At the time of writing, threat actors including ransomware gangs, nation-state cyber-espionage groups, crypto-mining gangs, initial access brokers, and DDoS botnets have all been reported exploiting the vulnerability in their operations.
Attacks exploiting the Log4j vulnerability will continue in the near future because, even though the Apache Software Foundation has released patches for the vulnerability, many applications that bundle the Log4j library have not yet shipped their own security updates, leaving many apps and networks vulnerable to attack.
Organizations will have to keep investing in defending against Log4j attacks, as attackers are actively scanning for the vulnerability.