At cybersecurity giant Sophos, the company has spotted activity involving attempted installation of Windows backdoors that points to access brokers, said Sean Gallagher, a senior threat researcher at Sophos Labs. “You can assume they’re likely access brokers, or other cybercriminals who may sell access on the side,” Gallagher told VentureBeat.

Other concerning developments include a report from cyber firm AdvIntel that a major ransomware gang, Conti, has been found to be exploiting the vulnerability in Log4j to gain access and move laterally on vulnerable VMware vCenter servers.

In a statement responding to the report, VMware said that “the security of our customers is our top priority” and noted that it has issued a security advisory that is updated regularly, while users can also subscribe to its security announcements mailing list. “Any service connected to the internet and not yet patched for the Log4j vulnerability (CVE-2021-44228) is vulnerable to hackers, and VMware strongly recommends immediate patching for Log4j,” the company said in the statement.

It may still be weeks or months before the first successful ransomware attacks result from the Log4Shell vulnerability, Gallagher noted. Ransomware operators will often slowly export a company’s data for a period of time before springing the ransomware that encrypts the company’s files, Gallagher said. This allows the operator to later extort the company in exchange for not releasing their data on the web.

“It could be a while before we see the real impact - in terms of what people have gotten access to and what the economic impact is of that access,” Gallagher said.

The ransomware problem had already gotten much worse this year. For the first three quarters of 2021, SonicWall reported that attempted ransomware attacks surged 148% year-over-year. CrowdStrike reports that the average ransomware payment climbed by 63% in 2021, reaching $1.79 million. Sixty-six percent of companies have experienced a ransomware attack in the previous 12 months, according to CrowdStrike’s recent report, up from 56% in the company’s 2020 report.

This year’s spate of high-profile ransomware incidents included attacks against fuel pipeline operator Colonial Pipeline, meat processing firm JBS Foods, and IT management software firm Kaseya - all of which had massive repercussions far beyond their corporate walls.

The disclosure of the Log4j vulnerability has been met with a herculean response from security teams. But even still, the likelihood of ransomware attacks that trace back to the flaw is high, according to researchers.