Australian businesses and households must urgently patch their applications and software products as malicious cyber adversaries conduct thousands of scans in search of the Log4j software vulnerability.
The Australian Cyber Security Centre (ACSC) has reported it is seeing malicious actors attempting to find Australian entities who remain vulnerable.
Thousands of software products that use this common piece of computer code are at risk, and many are yet to be fixed. If the vulnerability is not fixed, cyber attackers can break into an organisation’s systems, steal user passwords and login details, extract sensitive data and infect its networks with malicious software, causing widespread business interruption.
The ACSC released an updated advisory on Tuesday, 21 December 2021, following advice first issued on Friday, 10 December 2021.
Thousands of Australian organisations have already been subject to targeted reconnaissance, and many have been exploited and compromised, according to Assistant Minister for Defence, the Honourable Andrew Hastie.
“This requires immediate action.
“This is a serious vulnerability in affected systems, akin to leaving every door and window in your home unlocked on Christmas Eve.
“Therefore, I am calling on all Australian businesses and households to ensure their applications and products are patched and up-to-date, and to follow the ACSC advisories,” Assistant Minister Hastie said.
The ACSC is aware of around 400 vendors who may use this library. These vendors are responsible for some of the most common software globally, including messaging and productivity applications, mobile device managers, teleconference software, web hosting and even video games. The ACSC is working with a significant number of victims and affected vendors across all sectors of the economy.
Assistant Minister Hastie explained that even after patching, organisations must continue to monitor to see if any attackers are still lurking in their systems.
“It is absolutely critical that Australian businesses and households patch their systems and networks urgently before going on holidays.
“Not doing so will give our cyber adversaries an early Christmas present.
“Cyber criminals don’t take a holiday for the Christmas season – they are ruthless and opportunistic,” Assistant Minister Hastie concluded.
The ACSC National Hotline 1300 CYBER1 (1300 292 371) is able to provide assistance as required.
Advice and mitigations are available for all Australian organisations at cyber.gov.au.