March 08, 2022

Barracuda Threat Spotlight of Log4Shell Attack

Industry: N/A | Level: Tactical | Source: Barracuda

Barracuda's research and monitoring of the Log4Shell vulnerability have identified steady and consistent exploit activity with only a few dips. Attacker IPs largely originate from the US (83%), followed by Japan (10%), Germany and the Netherlands (3%), and Russia (1%). Payloads for the vulnerability range from benign YouTube link deliveries to threats involving cryptominer payloads, VMware exploits and DDoS malware. No ransomware attacks using the Log4Shell vulnerability have been observed so far.

  • Anvilogic Scenario: Unix File Download, Modified, Executed
  • Anvilogic Use Case: Potential CVE-2021-44228 – Log4Shell