Now is the time to react. On Thursday, December 16, 2021, the National Institute for the Protection of Information Systems (Anssi) urged companies and IT managers to “quickly” fix the critical “Log4Shell” flaw, which was made public last week and is very widespread.
“Currently, Anssi has only observed relatively harmless attacks, which are not good for future or yet undetected exploitation, but very serious,” the agency said in a press release. “Therefore, it is essential that companies identify their vulnerable applications and carry out inventory work quickly to pursue emergency security updates.”
Possible data theft
The flaw affects Log4j, a small piece of free software code used on servers in many software products and applications around the world. The Apache Software Foundation has released solutions to address the issues. But identifying all the programs that use this small module is a challenge for IT security managers around the world.
“Log4j is embedded in many software products, and is deployed on all types of devices, from web servers to connected devices, and no one cares about its existence yet. So you have to go deep into the software layers to see it,” said Philippe Rondel, a senior defense architect at Check Point, an Israeli security service provider.
The vulnerability is straightforward to exploit and can be used to take control of the infected server, opening the door to ransomware attacks, data theft or espionage operations. Anssi also advises companies and firms to check that “new backups have been placed offline”, “from the possible perspective of the rapid exploitation of this deficiency” in ransomware attacks.
Cyber criminals are present
According to observations by US specialists Cisco and Cloudflare reported by The Record, the online media outlet owned by American cybersecurity company Recorded Future, the first traces of Log4Shell exploitation date back to December 1st. Some malicious actors were ten days ahead of the defenders. Microsoft later reported that cyber-espionage actors from China, Iran, North Korea and Turkey had taken advantage of the hole. One observation emerges from this initial feedback: all types of players, from the most junior to the most advanced, are interested in Log4Shell.
One of the reasons why this flaw in Log4j is rated at the maximum (10) on the vulnerability scale is how simple it is to exploit. “For many experts, a small painful end to the annual celebrations is guaranteed,” said Anssi Director General Guillaume Poupard, citing the effort needed to identify all the locations where the vulnerable module is used. Philippe Rondel adds: “If we compare the impact of the Log4Shell with the tsunami, we are still at the seismic stage and we are waiting for the wave.”
Crazy with AFP