Barracuda: Log4j bug is mainly used for botnets and DDoS attacks
In practice, the Log4Shell vulnerability in the Java library Log4j is mainly used to enlist devices in botnets and to carry out DDoS attacks. Security firm Barracuda says it sees mostly exploitation via the Mirai botnet, but hardly any ransomware infections.
Barracuda bases its research report on customer cases in which abuse of the vulnerability was detected. It concerns Log4Shell, an attack on the Java library Log4j, in which a bug was discovered in December. The bug made it very easy to perform remote code execution and infect a system. Although a patch is now available for the bug, many security researchers feared large-scale exploitation with dire consequences. For example, it would be simple to put ransomware on a network via Log4j.
Barracuda’s report now shows that the consequences are not that bad. The company says it has mainly seen botnet and cryptomining attacks in recent months. Log4Shell is being abused to install Monero miners and to integrate systems into botnets. These include the Mirai botnet, but also Kinsing and XMRig. This also happened shortly after the vulnerability was made public; the only attacks that occurred in the early days were botnet attacks.
Barracuda says it has seen a few cases of more serious cybercrime gangs trying to abuse Log4Shell. In those cases, the vulnerability is mainly used to move laterally through a network, specifically on VMware installations. “We don’t see many examples of ransomware attacks on VMware installations and expect this to be a threat from within,” the company writes.