
Log4Shell Exploited to Infect VMware Horizon Servers

The notorious CVE-2021-44228 Apache Log4j vulnerability, aka Log4Shell, is still haunting cyber defenders, with continuing reports of active in-the-wild exploitation. Since December 2021, the flaw has been widely weaponized against unpatched VMware Horizon and Unified Access Gateway (UAG) servers, giving threat actors initial access to targeted systems.

According to the joint advisory by CISA and U.S. Coast Guard Cyber Command (CGCYBER), network defenders should beware of a new wave of exploitation attempts leveraging CVE-2021-44228 against public-facing servers, which exposes organizations that have not applied the relevant patches or workarounds to severe cyber risk.

Detect New Attempts to Exploit Log4Shell in VMware Horizon Systems

Because of the increasing risk, organizations running VMware servers vulnerable to Log4Shell are continuously looking for new ways to reinforce their cyber resilience. SOC Prime's Detection as Code platform offers a set of curated Sigma rules, crafted by Threat Bounty Program developers Onur Atali and Emir Erdogan, that enable organizations to detect the latest attempts to exploit CVE-2021-44228 on VMware Horizon and UAG servers:

Possible Exploit Log4Shell in VMware Horizon Systems by Detection of Associated Malicious PE Files (via file_event)

This Sigma rule can be applied across 21 SIEMs and security analytics platforms, including industry-leading cloud-native solutions. The detection is aligned with the MITRE ATT&CK® framework, addressing the Execution tactic with Command and Scripting Interpreter (T1059) as its primary technique, along with the Initial Access tactic and the corresponding Exploit Public-Facing Application (T1190) technique, so that defenders can identify adversary behavior at the point where the attacker attempts to gain initial access to the network.

Suspicious Scheduled Task creation after Log4shell Exploitation in VMware Horizon Systems (via process_creation)

The above-referenced Sigma detection is compatible with 23 SIEM, EDR, and XDR solutions supported by SOC Prime's platform and addresses the Execution tactic represented by the Scheduled Task/Job (T1053) technique, giving enhanced visibility into the relevant post-exploitation activity. Leveraging this Sigma rule, security practitioners can also instantly hunt for threats related to the most recent Log4Shell exploitation attempts with the help of SOC Prime's Quick Hunt module.
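The post names the logsource (process_creation) and the ATT&CK techniques of the rules but does not reproduce their logic. As an added example, written for this page and not taken from SOC Prime's rule content, the script below evaluates two Sigma-style selections over constructed Sysmon-like events: a Horizon service process spawning a scripting interpreter (T1190 leading to T1059), and schtasks.exe creating a task under a Horizon parent (T1053). The parent process names (ws_TomcatService.exe, VMBlastSG.exe), the install path, the rule contents and the sample events are all assumptions made for illustration; the point is how Sigma's field modifiers, selection AND/OR semantics and condition line translate into matching code.

```python
"""Minimal Sigma-style matcher for the process_creation behaviours described
on the page. Illustrative code, not SOC Prime's rules; process names, paths
and events are assumptions constructed for the example."""
from __future__ import annotations

from typing import Any

# Assumed Horizon service binaries that host the Log4j-exposed code path and
# would therefore be the parent of any post-exploitation child process.
HORIZON_PARENTS = ["\\ws_TomcatService.exe", "\\VMBlastSG.exe"]

# Two rules in Sigma's selection/condition shape (illustrative, not vendor rules).
RULES: list[dict[str, Any]] = [
    {
        "title": "Horizon process spawning a scripting interpreter (T1190 -> T1059)",
        "logsource": {"category": "process_creation", "product": "windows"},
        "detection": {
            "parent": {"ParentImage|endswith": HORIZON_PARENTS},
            "child": {"Image|endswith": ["\\powershell.exe", "\\pwsh.exe", "\\cmd.exe"]},
            "condition": "parent and child",
        },
    },
    {
        "title": "Scheduled task creation under a Horizon parent (T1053.005)",
        "logsource": {"category": "process_creation", "product": "windows"},
        "detection": {
            "parent": {"ParentImage|endswith": HORIZON_PARENTS},
            "task": {"Image|endswith": ["\\schtasks.exe"], "CommandLine|contains": ["/create"]},
            "condition": "parent and task",
        },
    },
]


def _value_matches(value: str, modifier: str, patterns: list[str]) -> bool:
    """Sigma list semantics: any listed pattern may match (OR).
    Windows paths are case-insensitive, so compare lower-cased."""
    v = value.lower()
    for pattern in patterns:
        p = pattern.lower()
        if modifier == "endswith" and v.endswith(p):
            return True
        if modifier == "startswith" and v.startswith(p):
            return True
        if modifier == "contains" and p in v:
            return True
        if modifier == "" and v == p:
            return True
    return False


def _selection_matches(selection: dict[str, list[str]], event: dict[str, str]) -> bool:
    """Every field of a selection must match (AND); a missing field never matches."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        value = event.get(field)
        if value is None or not _value_matches(value, modifier, patterns):
            return False
    return True


def _evaluate(condition: str, results: dict[str, bool]) -> bool:
    """Flat Sigma condition: 'not' binds tightest, then 'and', then 'or'."""
    def term(t: str) -> bool:
        negate = t.startswith("not ")
        name = t[4:] if negate else t
        return results[name] != negate  # KeyError on an unknown selection name
    return any(all(term(t.strip()) for t in clause.split(" and "))
               for clause in condition.split(" or "))


def match_rule(rule: dict[str, Any], event: dict[str, str]) -> bool:
    """True when the event is from the rule's logsource and its condition holds."""
    if event.get("category") != rule["logsource"]["category"]:
        return False
    detection = rule["detection"]
    results = {name: _selection_matches(sel, event)
               for name, sel in detection.items() if name != "condition"}
    return _evaluate(detection["condition"], results)


def run_rules(events: list[dict[str, str]], rules: list[dict[str, Any]] = RULES) -> list[tuple[str, str]]:
    """Return (event id, rule title) pairs for every rule that fires."""
    return [(ev["id"], rule["title"]) for ev in events for rule in rules if match_rule(rule, ev)]


# Constructed Sysmon-like events (not real telemetry). Install path is assumed.
HORIZON_BIN = "C:\\Program Files\\VMware\\VMware View\\Server\\bin\\"
SAMPLE_EVENTS: list[dict[str, str]] = [
    {"id": "e1", "category": "process_creation",
     "ParentImage": HORIZON_BIN + "ws_TomcatService.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c whoami"},
    {"id": "e2", "category": "process_creation",
     "ParentImage": HORIZON_BIN + "ws_TomcatService.exe",
     "Image": "C:\\Windows\\System32\\schtasks.exe",
     "CommandLine": "schtasks.exe /create /tn Updater /sc minute /tr C:\\Users\\Public\\u.exe"},
    {"id": "e3", "category": "process_creation",  # benign: an admin listing tasks
     "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\schtasks.exe",
     "CommandLine": "schtasks.exe /query"},
    {"id": "e4", "category": "process_creation",  # benign Horizon child process
     "ParentImage": HORIZON_BIN + "ws_TomcatService.exe",
     "Image": "C:\\Windows\\System32\\conhost.exe",
     "CommandLine": "conhost.exe 0xffffffff -ForceV1"},
]

if __name__ == "__main__":
    for event_id, title in run_rules(SAMPLE_EVENTS):
        print(f"{event_id}: {title}")
```

Run stand-alone, the script reports e1 against the interpreter rule and e2 against the scheduled-task rule, and stays silent on the explorer-spawned `schtasks /query` and the benign conhost child. The parent-image pivot is what keeps the task rule from firing on ordinary administration; in a production rule you would also want to cover tasks created one hop further down (schtasks launched from the PowerShell or cmd child), which a single process_creation event cannot express without a parent chain.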