Log4j vulnerability continues to stress CISOs

Avast's latest threat report also reveals the resurrection of the infamous Emotet botnet

The Log4j vulnerability was actively exploited by coinminers, remote access trojans (RATs), botnets, ransomware, and advanced persistent threats (APTs) in December 2021, according to Avast's Q4 2021 threat report.

Using the aforementioned vulnerability, attackers can execute code remotely on any targeted computer.

Avast's threat researchers have also observed a revival of the Emotet botnet, as well as a 40% increase in coin mining activity. Both present risks to consumers and businesses alike, placing CISO departments under greater stress.

The security company's Q4 findings also indicate an increase in adware, technical support scams, subscription scams, and spyware targeting Android users. However, RAT and ransomware activity decreased in Q4.

Avast malware research director Jakub Kroustek said: “Towards the end of the year, the extremely dangerous, ubiquitous, and easy to abuse Log4j vulnerability made CISO departments sweat, and rightly so, as it was weaponized by attackers spreading everything from coinminers to bots to ransomware.”

“On the other hand, we are happy to report decreases in RAT, information stealer, and ransomware attacks. RAT activity died down thanks to the holidays, with bad actors even going as far as copying the DcRat remote access Trojan and renaming it ‘SantaRat’,” added Kroustek.

Aside from exploiting Log4j, threat actors exploited the CVE-2021-40449 vulnerability, which lets malicious processes elevate their permissions through a Windows kernel driver. Attackers used this vulnerability to download and run the MysterySnail RAT, according to Avast.

In addition, a malicious campaign abusing Microsoft Azure and Amazon Web Services (AWS) accounted for high NanoCore and AsyncRat detections. AWS and Azure were used as download servers for malware payloads during the campaign.

Even so, Avast reported a 28% decrease in ransomware risk ratio compared to Q3 2021.
