the Belgian defense ministry paralyzed by an unprecedented threat

Since December 16, part of the Belgian government has been plagued by a hacker attack exploiting a Log4Shell flaw.

Made public on November 24 by the Chinese group Alibaba, cybersecurity experts were right to fear this Log4Shell flaw. Barely a week later, hackers managed to exploit the computer vulnerability to damage part of the Belgian Ministry of Defense network.

Formalized on December 21 by a government spokesperson, the attack quickly triggered the outbreak of “Quarantine measures”, to “To circumscribe the infected elements (…). Analyzes and restorations are still in progress ”.

Log4Shell, a major flaw

Recently discovered, the Log4Shell flaw represents a major crisis in the small world of cybersecurity. The latter affects the Java Log4j library, usually intended to receive links to web pages. By replacing these with lines of Java code, it is however possible torun these directly on the server concerned… And therefore to take control of the machine that hosts it.

With a scope whose extent is still unknown, this security flaw potentially affects all servers hosting a Log4j library. iCloud, Steam or even Minecraft are thus concerned, without knowing whether pirates have already attempted a breakthrough. However, this shutdown of the Belgian defense ministry seems confirm the fears of experts.

Log4Shell worries. For the American cybersecurity firm Tenable, this would be “The biggest and most critical vulnerability of the past decade”. However, she herself is not untouchable. Since the day of its discovery, a patch has been uploaded to secure the servers and avoid the spread of Log4Shell. Patch which must however be applied manually on the machines concerned, which still leaves a little time for hackers to take control of badly protected servers.

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button