HomeMalware & ThreatsFritzFrog Botnet Exploits Log4Shell Vulnerability - GovInfoSecurity

FritzFrog Botnet Exploits Log4Shell Vulnerability – GovInfoSecurity

Published on

spot_img

Akamai researchers have detected a botnet malware that has been updated to use the Log4Shell vulnerability as an infection vector. This new method supplements the botnet’s usual remote login brute force technique. The botnet in question is known as FritzFrog and was first documented in 2020. The Log4Shell vulnerability, also tracked as CVE-2021-44228, gained widespread attention in late 2021 when a flaw was identified in the widely used Apache Log4J 2 Java library. The FritzFrog botnet operators have been exploiting the fact that system administrators tend to give lower priority to patching internal network machines, compared to internet-facing applications which are more obvious priorities for patching. FritzFrog specifically looks for subnets and targets possible addresses within them. This means that even if high-profile internet-facing applications have been patched, a breach of any asset in the network by FritzFrog can still expose unpatched internal assets to exploitation.

The specific method the botnet uses to trigger the Log4Shell vulnerability involves forcing an application to log data containing a malicious payload. This payload then forces the Java application to connect to a server controlled by the attacker and download a malware binary. Researchers have described FritzFrog as a “new generation” botnet due to its use of a proprietary peer-to-peer protocol to spread across SSH servers worldwide.

According to Akamai, FritzFrog still uses brute force techniques to infect SSH servers, but it now also attempts to identify specific SSH targets by enumerating several system logs on each of its victims. This represents a concerning evolution of the botnet’s capabilities and highlights the ongoing threat that it poses to both internet-facing and internal network machines.

The expansion of FritzFrog’s capabilities to exploit the Log4Shell vulnerability underscores the widespread impact of this critical flaw in the Apache Log4J 2 library. The U.S. public and private sector security experts have previously warned that patching every vulnerable Log4j instance could take a decade or longer. This highlights the urgency of addressing and patching vulnerabilities such as Log4Shell to prevent them from being exploited by malicious actors.

The ongoing evolution and adaptation of botnets like FritzFrog serve as a reminder of the constantly changing and dynamic threat landscape that organizations and individuals face in the digital realm. It is essential for organizations to prioritize and maintain robust cybersecurity measures to defend against these evolving threats and protect sensitive data and systems from compromise.

Overall, the detection of botnet malware updated to exploit the Log4Shell vulnerability serves as a stark reminder of the importance of prioritizing cybersecurity and promptly addressing critical vulnerabilities to prevent them from being exploited by malicious actors. This ongoing threat underscores the need for continued vigilance and proactive measures to defend against evolving cybersecurity threats in an increasingly interconnected digital environment.

Source link

Latest articles

Businesses Boost Cybersecurity Spending in 2024

Cybersecurity remains a pressing issue for businesses in 2024, as evidenced by a recent...

Ransomware Group LockBit Restores Dark Web Leaking Site

LockBit, a Russian-speaking ransomware operation, made a bold statement on Saturday by reestablishing a...

Review of Mr Natwarlal Movie: Delve into the realm of cyber crime

Director Lava Kaggere has chosen an intriguing subject for his latest film, which not...

VPN Usage in Times of War: How Increasing Global Conflicts are Prompting a Greater Need for VPNs

The current state of global affairs is marked by escalating conflicts and increasing tensions...

More like this

Businesses Boost Cybersecurity Spending in 2024

Cybersecurity remains a pressing issue for businesses in 2024, as evidenced by a recent...

Ransomware Group LockBit Restores Dark Web Leaking Site

LockBit, a Russian-speaking ransomware operation, made a bold statement on Saturday by reestablishing a...

Review of Mr Natwarlal Movie: Delve into the realm of cyber crime

Director Lava Kaggere has chosen an intriguing subject for his latest film, which not...
en_USEnglish