Security Exploitation of vulnerabilities on the Internet exploded over the weekend

The Cyber ​​Security Center requires application administrators to respond quickly.

Security researchers reported last week about a vulnerability found in the Log4j component of Apache, an open source software organization.

The number of exploitation attempts related to the vulnerability exploded during the weekend, says the Finnish Transport and Communications Agency’s Traficom Cyber ​​Security Center.

“A pretty good summary of the situation is that the internet is on fire and the average citizen can’t do anything about it,” says the centre’s security expert. Juho Jauhiainen.

Situation is serious. Log4j is very widely used in many applications, and the vulnerability affects virtually every Internet user.

As recently as last week, the vulnerability of Log4j had been used in Finland mainly to extract cryptocurrency, but on Monday the Cyber ​​Security Center had to change the classification of its warning.

“Organizations are now under a lot of pressure to update this vulnerability,” Jauhiainen says.

The Cyber ​​Security Center says that applications affected by the vulnerability are listed, for example On Github.

See also  Crisis in Russia reveals real fissures in Putin's authority, says US

Problem is extensive and multi-layered, which can take weeks or even months to repair.

Log4j could even be thought of as a popular lock model. A master key has been found in the lock that can be used for criminal purposes, such as phishing. Now all locks need to be replaced. The problem, however, is that users of applications cannot do this themselves.

The vulnerability in the component provides access to the application server by a knowledgeable person. The hacker could then, for example, try to fish the data there by entering a new code on the server.

“This vulnerability allows for the first phase of that attack,” Jauhiainen says.

Log4j is used in a wide variety of devices and applications connected to the Internet, which also poses stratified risks for businesses.

Security Director of the telecom operator Dna Seppo Pekonen says the company began taking safeguards as soon as the vulnerability information was released. He also cites the prevalence of the component as the biggest problem with the vulnerability.

See also  From the war in Ukraine to Africa, here's what doesn't add up in the media story

“Vulnerability attack vectors are constantly evolving significantly. That is why proactive safeguards are important. ”

Security measures can reduce the likelihood of attacks.

“We have comprehensively protected our environment and the services we provide to our customers,” Pekonen assures.

Also the director responsible for cyber security at Osuuspankki Teemu Ylhäisi says the bank has performed well in its hedging and is following the recommendations of the Cyber ​​Security Center.

“We have also taken new measures to prevent the vulnerability from being exploited,” Ylhäisi tells HS.

Cyber ​​Security Center Jauhiainen estimates that the vulnerability detected last week is the worst security problem revealed in recent years.

According to him, the most critical services can be updated in the next few days, but it will probably take weeks, even months, to solve the whole problem.

Jauhiainen believes that companies respond quickly, even though all vulnerable components can hardly ever be updated.

“Even if Microsoft or another similar big player releases an update quickly, how quickly will organizations that use it update their devices and systems?”

See also  At least 39 dead in a fire in a center of the National Institute of Migration in Ciudad Juárez

.
#Security #Exploitation #vulnerabilities #Internet #exploded #weekend

Related Posts

Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Recommended