The Log4j to Ransomware Pipeline; Who Watches the DarkWatchman; and Emotet Zero-Day Patch
Posted by: GuidePoint Security
Published 12/23/21, 9:30am
The latest in cybersecurity news
This week we discuss the use of the Log4j vulnerability to deploy a new ransomware variant, a novel RAT that squeezes into the nooks and crannies of the Windows operating system to avoid detection, and Microsoft’s final Patch Tuesday of 2021, including its fix for a zero-day in the AppX Installer.
- Log4j Vulnerability Already Being Used for New Ransomware
- DarkWatchman RAT Hides in the Registry to Evade Detection
- Microsoft Patches AppX Zero-day Previously Exploited to Deliver Emotet
Cybersecurity news final thoughts: The Cybersecurity Sliding Door
Cybersecurity can often feel like a never-ending Tom and Jerry bit, as we rush to close and lock doors only to turn around and see attackers standing inside next to an open window we didn’t know existed. But this week’s stories are a reminder that the sum of cybersecurity is more than a series of open windows and doors. In reality, it’s more like a sliding glass door set in a track that goes back to the time we first connected one computer to another, and grows longer with every passing day.
Last week, the Log4j vulnerability became a new section of track we all had to worry about, and rightly so. The prevalence of Log4j across computing instantly made the Log4Shell exploit one of the most important things we needed to worry about as an industry, especially given the recent string of supply-chain attacks and their impacts on the world. So as reports rolled in and patches came out, we collectively put our weight behind shifting the door down the track to quickly resolve this new threat.
And sure enough, no sooner had the Log4j vulnerability been disclosed than threat actors turned to using it to deliver ransomware, even if that ransomware’s end goals may not be so clear.
But cybersecurity is a strained industry already, and it’s only possible to cover so much of the sliding door’s track at a time. As we shift our attention and our defensive efforts, we always have to remember that attackers can fall back to old methods at any moment. While the AppX Installer vulnerability itself may not be old, the tried-and-true methods and weaknesses that the Emotet malware family used to exploit it (phishing, application spoofing, and end-user vulnerability) are ever-present.
By its nature, cybersecurity is a reactive practice: we can’t defend against what we don’t know exists. The most we can do is put our attention where it’s most needed at any moment, and rely on our own tried-and-true practices to see us through. We can’t be everywhere at once, but staying on top of patches and fixes, and implementing the recommended mitigations when we can’t patch, will let us devote our attention to the newest vulnerabilities, ransomware families, and malware variants that pop up.
GuidePoint Security