VMware Flaws Disclosed in April Used to Deliver Mirai Malware and Exploit Log4Shell

Researchers report that hackers are using a GitHub proof-of-concept exploit of recently disclosed VMware vulnerabilities in the wild.

Recent VMware vulnerabilities are being exploited by hackers intent on delivering the Mirai denial-of-service malware and exploiting the Log4Shell vulnerability.

Barracuda security researchers discovered attempts to exploit CVE-2022-22954 and CVE-2022-22960, both of which were disclosed last month.

Researchers at Barracuda analyzed the attacks and payloads detected by Barracuda systems between April and May and discovered a steady stream of attempts to exploit two recently discovered VMware vulnerabilities: CVE-2022-22954 and CVE-2022-22960.

VMware published an advisory detailing multiple security vulnerabilities on April 6, 2022. The most severe of these vulnerabilities is CVE-2022-22954, which has a CVSS score of 9.8. This vulnerability allows an attacker with network access to remotely execute code via server-side template injection on VMware Workspace ONE Access and Identity Manager Solutions.

CVE-2022-22960 (CVSS score: 7.8) is a local privilege escalation flaw in VMware Workspace ONE Access, Identity Manager, and vRealize Automation. According to VMware’s advisory, the flaw is caused by incorrect permissions in support scripts, which allows an attacker with local access to gain root privileges.

VMware Workspace ONE is an intelligently driven workspace platform that simplifies and secures the management of any app on any device. vRealize Automation is a DevOps-based infrastructure management platform for configuring IT resources and automating the delivery of containerized applications. Identity Manager handles authentication to the platform.

Exploitation Occurred Following PoC Publication

The Barracuda researchers observed that the two vulnerabilities together form a potential vector for complete exploitation.

In April, after VMware disclosed the vulnerability, a proof-of-concept (PoC) was published on GitHub and shared on Twitter.

“Shortly after the release of the advisory and the initial release of the proof of concept on GitHub, Barracuda researchers began observing probes and exploit attempts for this vulnerability,” the company reported.

After the release of the proof of concept, the researchers observed an increase in attempts, which they classify as probes rather than actual exploit attempts.

“The attacks have been consistent over time, except a few spikes, and the vast majority are classified as probes as opposed to actual exploit attempts,” they explained.

Barracuda researchers also discovered that the majority of exploit attempts originate from botnet operators, with the IPs discovered hosting variants of the Mirai distributed-denial-of-service (DDoS) botnet malware, Log4Shell exploits, and low levels of EnemyBot (a DDoS botnet) attempts.

The majority of attacks (76 percent) originated in the United States, with most coming from data centers and cloud service providers. The researchers added that there was an increase in IP addresses from the United Kingdom and Russia and that approximately six percent of the attacks originated from these regions.

“There are also consistent background attempts from known bad IPs in Russia,” the researchers noted.

Researchers explained, “Some of these IPs perform periodic scans for specific vulnerabilities, and it appears that the VMware vulnerabilities have been added to their usual rotating list of Laravel/Drupal/PHP probes.”

According to Barracuda, “interest levels on these vulnerabilities have stabilized” since the initial spike in April, and the researchers expect to continue analyzing low-level scanning and attempts for a while.

Barracuda recommends applying patches immediately, especially if the system is internet-facing, and notes that placing a web application firewall (WAF) in front of such systems “will add to defense in depth against zero-day attacks and other vulnerabilities, including Log4Shell.”

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.
