Log4Shell was used for nearly a third of malware infections

Lacework's latest Cloud Threat Report revealed that the famous Log4Shell vulnerability was used as an initial vector of malware infection in 31 percent of the cases the company tracked over the past six months. We recall that the bug was discovered last December in the Log4j library, used by many applications and online services. Since logging systems are used by virtually any network security system (and more), so that reports can be viewed in the event of errors or problems, the Log4Shell vulnerability has had a major impact.



Photo Credit: Unsplash.com Lacework Labs, as reported by colleagues at Infosecurity-magazine, explained:

Over time, we've seen scanning activity evolve into attacks more frequent, including some who have deployed crypto-miners and Distributed Denial of Service (DDoS) bots to affected systems. In addition to improving their payloads, attackers have continued to adapt their exploitation methods to be one step ahead of the signature-based detections used by many types of security products.


Photo Credit: Unsplash.com In addition to Log4j, several hacker groups have also used a backdoor in the NPM package ua-parser-js to gain access to Linux systems and launch the XMRig open-source miner . Apparently, NPM has also been used for other purposes, so much so that some groups have simplified the process to more easily distribute malware through this method. Specifically, Lacework Labs stated in this regard:

Attackers have fully automated the NPM account creation process and opened dedicated accounts, one per package, making their new malicious packages much more difficult to detect. At the time of writing, the man responsible for the 'RED-LILI' threat is still active and continues to distribute malicious packages.