Close Menu
  • Business
    • Market Place
  • Devices & Gadgets
    • Buyers Guide
    • Trending
    • Social
  • Mobile & Telecoms
    • Broadband
  • Innovations
    • APPS
    • Start-ups
    • Software
    • AI ( artificial intelligence)
    • Auto-Tech
  • Health
    • Security
  • State
    • NCC
    • NiRA and .ng
    • NITDA
  • i-Sports
    • i-tertainment/Gaming
    • I-TV/Podcast
  • Reviews
    • Opinion
    • Special Report
    • Editorial and Analysis
  • Others
    • Events
    • Archive
    • Interviews
Facebook X (Twitter) Instagram
Latest
  • KongaPay Raises the Bar with Three ISO Certifications
  • SeerBit, Spectranet Launch ExpressPay to Revolutionise Internet Subscription Payments
  • Zinox Group’s Vision for Empowering 10,000 Women in Tech
  • FBNQuest Hosts Estate Planning Summit
  • TD Africa’s TecHERdemy churns out 400 female graduands
  • PAFON 2.0: Experts Highlight Ingredients for Accelerated Financial Inclusion in Nigeria
  • Starlink Gen 3 Kit Revolutionizes Satellite Internet in Nigeria
  • NITDA calls for public inputs on Digital Public Infrastructure document
Facebook X (Twitter) Instagram YouTube LinkedIn
IT NEWS NIGERIAIT NEWS NIGERIA
Subscribe Now
  • Business
    • Market Place
  • Devices & Gadgets
    • Buyers Guide
    • Trending
    • Social
  • Mobile & Telecoms
    • Broadband
  • Innovations
    • APPS
    • Start-ups
    • Software
    • AI ( artificial intelligence)
    • Auto-Tech
  • Health
    • Security
  • State
    • NCC
    • NiRA and .ng
    • NITDA
  • i-Sports
    • i-tertainment/Gaming
    • I-TV/Podcast
  • Reviews
    • Opinion
    • Special Report
    • Editorial and Analysis
  • Others
    • Events
    • Archive
    • Interviews
IT NEWS NIGERIAIT NEWS NIGERIA
Home»Security»Red Flag for Ransomware: Attackers Are Using the Log4Shell Vulnerability to Deliver Backdoors to Virtual Servers – Sophos new study
Security

Red Flag for Ransomware: Attackers Are Using the Log4Shell Vulnerability to Deliver Backdoors to Virtual Servers – Sophos new study

IT NEWS NIGERIABy IT NEWS NIGERIAApril 2, 2022No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
Sophos
Share
Facebook Twitter LinkedIn Pinterest Email

Sophos Finds Three Backdoors, Possibly Delivered by Initial Access Brokers, and Four Cryptominers Targeting Unpatched VMware Horizon Servers

Advertisement

IT News Nigeria:

 Sophos, a global leader in next-generation cybersecurity, has released findings on how attackers are using the Log4Shell vulnerability to deliver backdoors and profiling scripts to unpatched VMware Horizon servers, paving the way for persistent access and future ransomware attacks. A new technical paper, “Horde of Miner Bots and Backdoors Leveraged Log4J to Attack VMware Horizon Servers,” details the tools and techniques used to compromise the servers and deliver three different backdoors and four cryptominers. The backdoors are possibly delivered by Initial Access Brokers.

Log4Shell is a remote code execution vulnerability in the Java logging component, Apache Log4J, which is embedded in hundreds of software products. It was reported and patched in December 2021.

“Widely used applications such as VMware Horizon that are exposed to the internet and need to be manually updated, are particularly vulnerable to exploitation at scale,” said Sean Gallagher, senior security researcher at Sophos.

“Sophos detections reveal waves of attacks targeting Horizon servers, starting in January, and delivering a range of backdoors and cryptominers to unpatched servers, as well as scripts to collect some device information. Sophos believes that some of the backdoors may be delivered by Initial Access Brokers looking to secure persistent remote access to a high value target that they can sell on to other attackers, such as ransomware operators.”

The multiple attack payloads Sophos detected using Log4Shell to target vulnerable Horizon servers include:

·         Two legitimate remote monitoring and management tools, Atera agent and Splashtop Streamer, likely intended for malicious use as backdoors

·         The malicious Sliver backdoor

·         The cryptominers z0Miner, JavaX miner, Jin and Mimu

·         Several PowerShell-based reverse shells that collect device and backup information

Sophos’ analysis revealed that Sliver is sometimes delivered together with Atera and PowerShell profiling scripts and is used to deliver the Jin and Mimu variants of the XMrig Monero miner botnet.

According to Sophos, the attackers are using several different approaches to infect targets. While some of the earlier attacks used Cobalt Strike to stage and execute the cryptominer payloads, the largest wave of attacks that began in mid-January 2022, executed the cryptominer installer script directly from the Apache Tomcat component of the VMware Horizon server. This wave of attacks is ongoing.

“Sophos’ findings suggest that multiple adversaries are implementing these attacks, so the most important protective step is to upgrade all devices and applications that include Log4J with the patched version of the software. This includes patched versions of VMware Horizon if organizations use the application in their network,” said Gallagher. 

“Log4J is installed in hundreds of software products and many organizations may be unaware of the vulnerability lurking in within their infrastructure, particularly in commercial, open-source or custom software that doesn’t have regular security support. And while patching is vital, it won’t be enough if attackers have already been able to install a web shell or backdoor in the network. Defense in depth and acting upon any detection of miners and other anomalous activity is critical to avoid falling victim to such attacks.”

Post Views: 179
Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
Previous ArticleN750/L Diesel: Telecoms operators may seek new price review
Next Article Africa Data Hub Announces Community Journalism Fellowship (ACJF) 2022/2023
IT NEWS NIGERIA

Related Posts

3 Mins Read

Sophos XDR Excels in MITRE ATT&CK Evaluations: Enterprise

December 17, 2024
3 Mins Read

Teresa Anania Joins Sophos as Chief Customer Officer

July 23, 2024
4 Mins Read

Financial Education: 8 Important Steps To Secure Your PalmPay Account

June 25, 2024
5 Mins Read

Trend Micro blocked 18 million email threats, 4million  malicious mobile apps targeted at Nigerian businesses

May 25, 2024
Leave A Reply Cancel Reply

About Us
IT NEWS NIGERIA (www.itnewsnigeria.ng) is an on-line platform aimed at enriching Nigeria and Africa content in the cyberspace.

We believe the future is online.
Popular Updates

Design Bootcamps vs Self-Taught, A product designer’s perspective

March 22, 2024

How to get N100,000 loan @3% at Zenith Bank and other services

November 12, 2020

Interview: From Start-ups to Big Brands: Growth Marketing Strategies that work by Oluwasekemi Akinbo

May 18, 2023

Subscribe to Updates

Get the latest tech news & updates from IT NEWS NIGERIA

Facebook X (Twitter) Instagram Pinterest YouTube LinkedIn
  • About Us
  • Privacy Policy
  • Terms of Service
  • Advertise With Us
  • Contact Us
© 2025 IT NEWS NIGERIA.

Type above and press Enter to search. Press Esc to cancel.

Signup to our Newsletter