Washington — A senior U.S. security official said Monday that no significant disruptive or destructive cyberattacks, such as ransomware attacks, have yet been seen. Large Internet Defects Discovered a month ago, it warned that this bug could encourage malicious activity by criminals and foreign governments over the next few months or years.
The Biden administration has not identified a confirmed violation of a federal agency that relied on a flaw in its widely used software code. Known as Log4jAt a news conference, officials said they had not detected any foreign governments developing attacks that exploited bugs to perform network intrusions.
Still, authorities say the danger posed by Log4j, a free code that logs computer network and application activity, is serious and can be a long-term problem for large and small organizations due to the ubiquity of software. He said he was highly sexual.
“The scale and potential impact of this makes it very serious,” said Jen Eastery, director of cybersecurity and infrastructure security agencies. There have been no major attacks so far, but Easternly sees the Log4j issue as the “most serious vulnerability” in decades of career and is a network that controls critical US infrastructure. He said he was concerned about the long-term risks to.
Easter Lee said the flaw has so far led to “widespread criminal activity.” It mainly consisted of installing cryptocurrency mining software or botnet code on vulnerable devices. She added that some hackers may be waiting undetected to enter the network for further damage, as affected organizations often do not report intrusions to the government. He said there is a limit to what CISA knows.
Researchers describe a flaw in Log4j that was published a month before it was discovered. By Chinese security teamI was particularly worried because free Java-based software is used in a variety of products such as security software, network tools, and video game servers. It’s impossible to know the exact number of users of Log4j, but according to the Apache Software Foundation, the organization that builds the software, the software has been downloaded millions of times.
The public catalog of products that were discovered and found to be flawed by CISA received more than 2,800 submissions detailing Log4j-related issues for various commercial products with embedded code. She said hundreds of millions of individual devices are likely to be at risk.
The government did not confirm that foreign government-backed hackers were exploiting a flaw in Log4j, but “of course, that could change,” said CISA’s Executive Assistant Director for Cyber Security. One Eric Goldstein said. High-ranking government officials have individually stated that they expect such activities to be unavoidable.
With multiple US-based cybersecurity companies
In December, he said he identified hackers related to China, Iran and other governments exploiting the Log4j vulnerability. The US government is often slower than private companies, given the geopolitical importance of formal attribution of cyberattacks to foreign governments.
The overseas impact of Log4j bugs is so far more pronounced than in the United States. The Belgian Ministry of Defense has reported a system breach. In addition, companies ranging from German chemical companies to Milwaukee-based industrial parts suppliers are rushing to take some precautionary measures offline to strengthen their networks.
Last week, the Federal Trade Commission urged organizations to address Log4j deficiencies in products with available patches to avoid exposure to potential legal action from government agencies.
Write in Dustin Voltz email@example.com
Copyright © 2022 DowJones & Company, Inc. all rights reserved. 87990cbe856818d5eddac44c7b1cdeb8
Cyber officials warn of long-term fallout from Log4j cyber flaws
Source link Cyber officials warn of long-term fallout from Log4j cyber flaws
The post Cyber officials warn of long-term fallout from Log4j cyber flaws appeared first on Eminetra.