They announced yesterday, Monday, that they would increase their IT security precautions. The reason is the fear of a wave of cyber attacks. “The Internet is currently on fire,” said George Kurtz, head of the US group Crowdstrike.
The IT manager “Log4j” was worried. This designation stands for part of a program in the Java programming language, with which events in IT operations are recorded like in a logbook. This includes data from notes, apps and other services. However, a security vulnerability has now been discovered in Log4j, the cause and extent of which cannot yet be assessed.
That the German Federal Office for Information Security (BSI) is speaking of an “extremely critical threat situation” is therefore no surprise, says Markus Roth. The branch chairman of the Upper Austrian management consultants, accountants and IT companies (Ubit) also sees domestic companies at risk, because: “This software element is widespread and has so far proven itself because it was available free of charge and unencrypted.” Private individuals shouldn’t feel safe either, because Log4j is also used in many network and system components.
Now the vulnerability opens a door for criminals and could enable them to take over the affected systems completely and also to undermine them with their own malware. In the worst case, according to Roth, this could go so far that attackers stole all of the data or demanded a ransom. Experts in Germany have already reported mass scans carried out by criminals, which apparently served to identify possible attacks.
Is it followed by a rude awakening?
Ubit chairman Roth expects the rude awakening for many only in the coming days and weeks. Because although there is now a security update for the hole in the program, it does not solve the problem. “The protection only takes effect once the update has been installed. And when attackers build back doors into programs, the damage is done.”
Roth advises companies to review their IT programs and also to consult external experts in suspected cases. “Waiting and hoping it doesn’t hit you is the wrong way to go.”
Source: Nachrichten
