FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

February 4, 2024 at 12:19PM

The FritzFrog botnet has resurfaced, using the Log4Shell vulnerability to target internal hosts within compromised networks. It has expanded its targets to the healthcare, education, and government sectors and now deploys cryptocurrency miners. FritzFrog also uses SSH brute-force attacks and CVE-2021-4034 to escalate privileges, while taking steps to avoid detection. Akamai is tracking this activity as Frog4Shell.

The FritzFrog botnet represents a significant cybersecurity threat: it has evolved to exploit the Log4Shell vulnerability for internal network propagation. The botnet primarily targets machines with weak SSH credentials, focusing on internet-facing servers, and has expanded its impact to the healthcare, education, and government sectors.

A novel aspect of the latest version of FritzFrog is its use of the Log4Shell vulnerability to single out internal hosts, even after internet-facing applications have been patched, which highlights the ongoing risk posed by unpatched internal systems. The malware has also been updated to use SSH brute-force tactics and a local privilege escalation flaw (CVE-2021-4034) to ensure persistence and evade detection.

Additionally, it is worth noting that the InfectedSlurs botnet is actively exploiting now-patched security flaws impacting DVR device models for distributed denial-of-service (DDoS) attacks.

It is essential to prioritize patching vulnerable internal systems and remain vigilant against these evolving threats.