Log4j: the Belgian Ministry of Defense victim of a cyberattack

IT security experts were right to fear the Log4Shell security flaw, made public on December 10. Six days later, hackers took advantage of this vulnerability to paralyze part of the computer networks of the Belgian defense ministry, as a spokesperson for the French Ministry of Defense, army Commander Olivier Séverin, told Agence France-Presse (AFP) on Tuesday (December 21), confirming information from the Belga press agency.

“Quarantine measures” were quickly decided on to “circumscribe the infected elements (…). Analyses and restorations are still in progress”, he said, without giving further information about the perpetrator of the cyberattack.

The Log4Shell flaw affects a Java library called Log4j, a small module from the Apache foundation included in many software products for “logging”, that is, keeping a record of “logs” (system events). In some versions of Log4j, the flaw makes it very easy to take control of the machine that hosts it. The hacker can then try to move through the victim's computer network and deploy ransomware and spy tools there.

Insufficiently applied patch

Vulnerabilities are commonplace in the world of business computing, but Log4Shell is of particular concern because it appears easy to exploit and affects a large number of servers, those computers that provide our online services. This flaw can be corrected: a patch has been available since the very day of its public announcement. But applying it to all potentially affected computers takes time. Some IT managers lack responsiveness; others are not aware that their servers are affected. Hackers, on the other hand, use their time to scan the computer networks of companies and institutions, looking for vulnerable servers they can take control of.

To date, no global institution or company has been the target of hackers exploiting this flaw, according to US cybersecurity experts. Until now, experts had mostly observed hackers who exploited this breach to install cryptocurrency-mining programs, or cryptominers, on poorly protected servers.

However, further public announcements cannot be ruled out in the coming weeks. The American cybersecurity firm Tenable told AFP that, in its view, this is “the biggest and most critical vulnerability of the past decade”. During a press conference, Guillaume Poupard, the director general of the National Information System Security Agency (Anssi), judged that this flaw promised “somewhat painful end-of-year celebrations for many experts”.
