Crypto Trading Platform Hit
Vietnamese crypto trading platform Onus was hit with a ransomware attack leveraging the Log4j flaw on its payment system, according to Check Point Research’s latest threat intelligence bulletin.
Cybercriminals demanded a $5 million ransom in a double extortion scheme, it said. Onus refused to pay, so the threat actors put records of 2 million Onus customers up for sale.
Last month, researchers discovered a zero-day exploit in Log4j, the popular Java logging library. The flaw allows remote code execution (RCE) when an application logs a certain string. Since then, additional vectors have been discovered.
Yaniv Bar-Dayan is CEO and co-founder at Vulcan Cyber.
“The integrated IT security industry is not very good at effectively mitigating known vulnerabilities, and Apache vulnerabilities are no exception,” he said. “As an industry, we need to get better at sufficient mitigation of known vulnerabilities or we will see more of what we saw with the SolarWinds exploit, but with the new vulnerability of the day used instead. We need to do much better as cybersecurity pros to identify the vulnerabilities that matter to our businesses and organizations by assessing and prioritizing associated risk. Then we need to take control and orchestrate the mitigation effort while measuring our ability to drive cyber hygiene and attain acceptable levels of risk.”