Cyber criminals are scanning Australian entities for vulnerabilities, cyber watchdog warns

Australian businesses and households must urgently patch their applications and software products as malicious cyber adversaries conduct thousands of scans in search of the Log4j software vulnerability.

The Australian Cyber Security Centre (ACSC) has reported it is seeing malicious actors attempting to find Australian entities that remain vulnerable.

Thousands of software products that use this common piece of computer code are at risk, and many are yet to be fixed. If the vulnerability is not fixed, cyber attackers can break into an organisation’s systems, steal user passwords and login details, extract sensitive data, and infect its networks with malicious software, causing widespread business interruption.

The ACSC released an updated advisory on Tuesday 21 December 2021, following advice first issued on Friday 10 December 2021.

Thousands of Australian organisations had already been subject to targeted reconnaissance, and many have been exploited and compromised, according to Assistant Minister for Defence Andrew Hastie.

“This requires immediate action.”

“This is a serious vulnerability in affected systems, akin to leaving every door and window in your home unlocked on Christmas Eve.”

"Therefore I am calling on all Australian businesses and households to ensure their applications and products are patched and up-to-date, and to follow the ACSC advisories," Assistant Minister Hastie said.

The ACSC is aware of around 400 vendors who may use this library. These vendors are responsible for some of the most common software globally, including messaging and productivity applications, mobile device managers, teleconference software, web hosting, and even video games. The ACSC is working with a significant number of victims and affected vendors across all sectors of the economy.

Assistant Minister Hastie explained that even after patching, organisations must continue to monitor to see if any attackers are still lurking in their systems.

“It is absolutely critical that Australian businesses and households patch their systems and networks urgently before going on holidays.”

“Not doing so will give our cyber adversaries an early Christmas present.”

“Cybercriminals don’t take a holiday for the Christmas season - they are ruthless and opportunistic,” Assistant Minister Hastie concluded.

The ACSC National Hotline 1300 CYBER1 (1300 292 371) is able to provide assistance as required.

Advice and mitigations are available for all Australian organisations at cyber.gov.au.

A detailed alert of the vulnerability has been published on the ACSC website.
