I-Arhente ye-Cyber Security and Infrastructure Agency yase-US (CISA) kunye ne-US Coast Guard Cyber Command (CGCYBER) yabhengeza ngengcebiso yokhuseleko lwe-cyber (CSA) ukuba Ubuthathaka be-Log4Shell (CVE-2021-44228) zisaxhatshazwa ngabagebenga.
Ngamaqela e-hacker afunyenweyo abasasebenzisa ukuba sesichengeni le "APT" kwaye kufunyaniswe ukuba baye bahlasela kwiiseva ze-VMware Horizon kunye neSango loFikelelo oluManyeneyo (UAG) ukufumana ufikelelo lokuqala kwimibutho engakhange isebenzise iipetshi ezikhoyo.
I-CSA ibonelela ngolwazi, kuquka amaqhinga, ubuchule, kunye nemigaqo kunye nezalathi zokulalanisa, eziphuma kwiindibano ezimbini eziye zasabela kwiziganeko ezinxulumeneyo kunye nohlalutyo lwe-malware yeesampuli ezifunyenwe kuthungelwano lwamaxhoba.
Kwabo bangaziyoe Log4Shell, kufuneka wazi ukuba oku kusemngciphekweni eyathi yavela okokuqala ngoDisemba kwaye yajolisa ngokusebenzayo ukuba semngciphekweni ifunyenwe kwi-Apache Log4j, ebonakaliswe njengesakhelo esidumileyo sokulungiselela ukungena kwizicelo zeJava, evumela ukuba ikhowudi engafanelekanga iqhutywe xa ixabiso elifomathiweyo ngokukodwa libhalwa kwirejista kwifomathi "{jndi: URL}".
Ukuba sesichengeni Kuyaphawuleka kuba uhlaselo lunokuqhutywa kwizicelo zeJava ukubaBabhala amaxabiso afunyenwe kwimithombo yangaphandle, umzekelo ngokubonisa amaxabiso anengxaki kwimiyalezo yempazamo.
Kuyaqapheleka ukuba phantse zonke iiprojekthi ezisebenzisa izikhokelo ezinje ngeApache Struts, Apache Solr, Apache Druid okanye Apache Flink ziyachaphazeleka, kubandakanya iSteam, iApple iCloud, abathengi beMinecraft kunye neeseva.
Isaziso esipheleleyo sineenkcukacha ezininzi zeemeko zamva nje apho abahlaseli basebenzise ngempumelelo ukuba sesichengeni ukuze bafumane ufikelelo. Ubuncinci kwi-compromise enye eqinisekisiweyo, abadlali baqokelele kwaye bakhupha ulwazi olubucayi kwinethiwekhi yexhoba.
Uphendlo lwesisoyikiso oluqhutywa nguMkhuseli weCyber kuNxweme lwase-US lubonisa ukuba abadlali bezoyikiso basebenzise i-Log4Shell ukuze bafumane ukufikelela kwinethiwekhi kwixhoba elingachazwanga. Bafake "hmsvc.exe." ifayile ye-malware, eyenza njengeMicrosoft Windows SysInternals LogonSessions usetyenziso lokhuseleko.
Ukuphunyezwa okuzinziswe ngaphakathi kwe-malware iqulethe izinto ezahlukeneyo zokukwazi, kubandakanywa ukugawulwa kweqhosha kunye nokuphunyezwa kwemithwalo eyongezelelweyo, kwaye ibonelela ngomzobo wojongano lomsebenzisi ukufikelela kwi-desktop ye-Windows yexhoba. Inokusebenza njenge-proxy yomyalelo kunye nokulawula i-tunneling proxy, evumela ukuba umqhubi okude afikelele ngakumbi kwinethiwekhi, ii-arhente zithi.
Uhlalutyo luphinde lwafumanisa ukuba i-hmsvc.exe yayisebenza njenge-akhawunti yenkqubo yendawo kunye nelona nqanaba liphezulu lamalungelo, kodwa ayizange ichaze ukuba abahlaseli bawaphakamise njani amalungelo abo kuloo ndawo.
I-CISA kunye ne-Coast Guard bacebisa ukuba yonke imibutho faka ukwakhiwa okuhlaziyiweyo ukuqinisekisa ukuba iinkqubo zeVMware Horizon kunye ne-UAG echaphazelekayo sebenzisa uguqulelo lwamva nje.
Isilumkiso songeze ukuba imibutho kufuneka isoloko igcina isoftware isexesheni kwaye ibeke phambili ukuchwetheza ubuthathaka obaziwayo obuxhatshaziweyo. Umphezulu wohlaselo olujongene ne-Intanethi kufuneka luncitshiswe ngokubamba iinkonzo ezibalulekileyo kwindawo eyohluliweyo engasenamkhosi.
Ngokusekwe kwinani leeseva ze-Horizon kwiseti yethu yedatha engapakishwanga (kuphela yi-18% ekhutshiweyo ukusuka kubusuku bangolwesiHlanu ophelileyo), kukho umngcipheko omkhulu wokuba oku kuya kuba nefuthe elibi kumakhulu, ukuba ayingawo amawaka, amashishini. . Le mpelaveki ikwaphawula okokuqala sibona ubungqina bokunyuka okuxhaphakileyo, ukusuka ekufumaneni ukufikelela kokuqala ukuya ekuqaleni ukuthatha inyathelo elichasayo kwiiseva ze-Horizon. "
Ukwenza njalo kuqinisekisa ulawulo olungqongqo lokufikelela kwi-perimeter yenethiwekhi kwaye akusimkeli iinkonzo ezijongene ne-Intanethi ezingabalulekanga kwimisebenzi yeshishini.
I-CISA kunye neCGCYBER zikhuthaza abasebenzisi kunye nabalawuli ukuba bahlaziye zonke iinkqubo ezichaphazelekayo ze-VMware Horizon kunye ne-UAG kwiinguqulelo zamva nje. Ukuba uhlaziyo okanye i-workarounds ayizange isetyenziswe ngokukhawuleza emva kokukhutshwa kohlaziyo lwe-VMware ye-Log4Shell, phatha zonke iinkqubo ezichaphazelekayo ze-VMware njengengozi. Jonga iCSA ekhohlakeleyo yabadlali beCyber Baqhubeke nokuSebenzisa i-Log4Shell kwiiNkqubo ze-VMware Horizon ngolwazi oluthe kratya kunye nezindululo ezongezelelweyo.
Gqibela ukuba unomdla wokwazi okungakumbi ngayo, ungajonga iinkcukacha Kule khonkco ilandelayo.