Five Eyes intelligence agencies warns millions at risk as hackers exploit mutating Log4Shell bug

/in


Five Eyes intelligence agencies are warning of a rapidly evolving cyber storm that could hit everyone from gamers to big and small businesses, hospitals, transport and power systems.

“This is an evolving situation, and new vulnerabilities are being discovered,” the Australian, United States, United Kingdom, Canadian and New Zealand agencies have warned in an alert.

“The ACSC has observed malicious cyber actors using this vulnerability to target and compromise systems globally and in Australia,” the Australian Cyber Security Centre told AAP on Friday.

The joint alert issued out of the US said the vulnerabilities, especially Log4Shell, are “severe”.

The Log4Shell vulnerability affects software used by millions of Australians, often unknowingly, on their home and work computers, phones, apps, online games or when saving data in the cloud.

Intelligence agencies from the US, UK, Australia, Canada and New Zealand have warned the mutating Log4Shell bug is putting millions at risk.
Intelligence agencies from the US, UK, Australia, Canada and New Zealand have warned the mutating Log4Shell bug is putting millions at risk. Credit: Yuichiro Chino/Getty Images

Microsoft says state-backed hackers from China, Iran, North Korea and Turkey are using the weakness to deploy malicious software, or malware, including ransomware.

Belgium’s defence department was breached this week, via a computer with internet access, the ministry said in a statement.

Cyber security firm ESET said it had blocked hundreds of thousands of attack attempts, mostly in the US and UK, but warned nearly 180 countries were in the firing line.

Australia was number seven in the top 20 countries with the most exploit attempts, as of December 20.

The bug involves a software component that logs information so developers or IT support staff can look at what’s happening in the program, and it’s used by millions of computers worldwide running online services.

Cyber criminals can use the weakness to get access to set up ransomware and install back doors for future access.

“It makes everyone a possible target from ransomware attacks,” technology expert Shane Day at Australian cyber security firm Unify Solutions said.

“It’s not the kind of Christmas present anyone wants to receive and could make for a very unhappy New Year.”

The UK’s cyber agency said…

Source…