Cybersecurity experts predict that a remote code execution vulnerability discovered in Log4j, which is currently being exploited by attackers, will persist for as long as possible. According to experts, due to its ubiquity and simplicity of exploitation, the problem will continue for months, if not years.
Sophos senior threat researcher Sean Gallagher explained that the attacks exploited the vulnerability to install coin miners and botnet. He explained, “The most recent intelligence suggests attackers are trying to exploit the vulnerability to expose the keys used by Amazon Web Service accounts. There are also signs of attackers trying to exploit the vulnerability to install remote access tools in victim networks, possibly Cobalt Strike, a key tool in many ransomware attacks.”
Other security experts also pointed out that hackers began exploiting the vulnerability almost immediately after their discovery. Chris Evans, CISO at HackerOne, said that they had received 692 reports of Log4j to 249 customer programs. Companies that had confirmed that they were vulnerable included Apple, Amazon, Twitter and Cloudflare.