Зарегистрируйтесь сейчас для лучшей персонализированной цитаты!

Belgian Defense Ministry confirms cyberattack through Log4j exploitation

20 декабря 2021 г Hi-network.com

The Belgian Ministry of Defense has confirmed a cyberattack on its networks that involved the Log4j vulnerability. 

In a statement, the Defense Ministry said it discovered an attack on its computer network with internet access on Thursday. They did not say if it was a ransomware attack but explained that "quarantine measures" were quickly put in place to "contain the infected elements."

more Log4j

  • Log4j zero-day: How to protect yourself
  • Apache releases new 2.17.0 patch
  • Security firm discovers new attack vector
  • 10 questions you need to be asking
  • Governments release Log4j advisory
  • So far, nearly half of corporate networks have been attacked
  • US: Hundreds of millions of devices at risk

"Priority was given to the operability of the network. Monitoring will continue. Throughout the weekend, our teams were mobilized to contain the problem, continue our operations and alert our partners," the Defense Ministry said. 

"This attack follows the exploitation of the Log4j vulnerability, which was made public last week and for which IT specialists around the world are jumping into the breach. The Ministry of Defense will not provide any further information at this stage."

Multiple reports from companies like Google and Microsoft have indicated that government hacking groups around the world are leveraging the Log4j vulnerability in attacks. 

According to Microsoft, state-sponsored hackers from China, Turkey, Iran and North Korea have started testing, exploiting and using the Log4j bug to deploy a variety of malware, including ransomware. A number of reports have noted that since the vulnerability was discovered nearly two weeks ago, cybercriminal groups have sought to not only use it to gain a foothold in networks but sell that access to others, including governments. 

Governments around the world have urged agencies and organizations to patch their systems or figure out mitigations in order to avoid attacks and breaches. The US' Cybersecurity and Infrastructure Security Agency ordered all federal civilian agencies to patch systems before Christmas and Singapore held emergency meetings with critical information infrastructure sectors to prepare them for potential Log4j-related threats.

Centre for Cybersecurity Belgium spokesperson Katrien Eggers told ZDNet that they too sent out a warning to Belgian companies about the Apache Log4j software issue, writing that any organization that had not already taken action should "expect major problems in the coming days and weeks."

"Because this software is so widely distributed, it is difficult to estimate how the discovered vulnerability will be exploited and on what scale," the Centre for Cybersecurity Belgium said, adding that any affected organizations should contact them. 

"It goes without saying that this is a dangerous situation."

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Горячие метки: Технологии и оборудование Безопасность и охрана

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.