Incident Response, Application security, Vulnerability Management

Microsoft: Scan assets for Log4j soon or attackers might do it for you

(“Java Logo” by mrjoro is licensed under CC BY-NC 2.0)

In an update to its blog on the ongoing Log4j remediation efforts, Microsoft Threat Intelligence Center (MSTIC) says it has observed a variety of attackers — from nation states to criminal groups — using the exploit for mischief.

"Customers are encouraged to utilize scripts and scanning tools to assess their risk and impact. Microsoft has observed attackers using many of the same inventory techniques to locate targets," the company wrote Monday.

Microsoft's observations are in line with those of other companies, who have noted a ransomware, cryptominers and DDoS botnets leveraging the Log4j vulnerability as well as a Chinese espionage group targeting a Log4j flaw in VMware that VMware had previously issued guidance on.

"Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks," Microsoft wrote.

Before New Year's Day, Sophos researcher Sean Gallagher noted a 40% dip in internet scanning for the Log4j bug, which he attributed to the annual general lull in attacks between the last week of December and Russian Orthodox Christmas (Jan. 7), when Russian hackers often take time off.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.