The first malicious action occurs at Step 3 as the LDAP Server reaches out to the attacker’s server. Virsec identifies that as an RFI vulnerability.
At Step 4, the response from the bad actor's server causes a malicious Java class to be loaded. Virsec detects this malicious class being loaded directly into memory.
Once the malicious class is loaded in memory, it could unleash more file-based or fileless malware. Virsec Security Platform for Host, otherwise known as VSP-Host (Process Monitoring and ACP Engine), stops those attacks before even one instruction from such malware executes.