CloudFlare ID’s active exploits of newer log4j vulnerability

An estimated third of all the websites in the world run Apache server software and remain vulnerable to serious cybersecurity threats, according to cybersecurity experts at Cloudflare reviewing Apache’s log4j vulnerability. Researchers have logged attacks on 44% of all corporate networks globally using log4j, and signs that nation-state and other well-funded threat actors are doubling down on the opportunity to attack unpatched systems are growing. Attackers are using ransomware like Khonsari to infiltrate servers, with Microsoft reporting critical concerns about Windows and even gaming servers like Minecraft needing to patch log4j. 

On Monday, Apache released a log4j patch for the critical security flaw affecting its widely used server reporting tool, but other serious security vulnerabilities were discovered that attackers can exploit in certain “non-default” configurations. CVE-2021-45046 allows threat actors to carry out denial-of-service (DoS) attacks and frustrates the efforts of IT managers around the world trying to maintain endpoint security and protect against malware infection from the initial exploit, CVE-2021-44228, aka Log4Shell. 

Cloudflare claims increased malicious activity of this new exploit and signs of yet another, 3rd exploit that targets weaknesses in the initial log4j patch, surfaced late Wednesday night. This new bug enables attackers to siphon sensitive data and is another reason for IT managers to patch affected endpoints immediately to the latest version. Apache has released a new patch update – version 2.16.0 – that addresses these flaws.

How do attackers leverage unauthorized access to high-value targets like banks, private equity, and financial services companies? Microsoft reports attackers exploiting the unpatched log4j vulnerability often act as “brokers” that sell access to target networks to other ransomware affiliates. The damage to consumers’ trust of financial organizations and any affected business is potentially even more damaging – in a recent survey, nearly 60% of financial services customers aged 35-44 said they would consider taking their business to another firm after a cybersecurity incident.

Need help deploying log4j vulnerability software security updates?