For the security professional Amit Yoran, the matter is clear.

"The Apache Log4j Remote Code Execution Vulnerability is the biggest and most critical vulnerability of the last decade." The CEO of the service provider Tenable goes even further: "If all investigations are completed, we could actually determine that it is the largest single vulnerability in the history of modern computing."

Stephan Finsterbusch

Editor in business.


Thiemo Heeg

Editor in business.


Over the weekend, the Federal Office for Information Security (BSI) therefore declared the “Red Warning Level” for IT security. And on Monday, the view that the software vulnerability in the widespread Java library Log4j should be taken extremely seriously gained ground everywhere. "The weak point is very easy to exploit," said BSI President Arne Schönbohm in a press conference. There are also indications that it has been around for a very long time. "Successful exploitation of the vulnerability enables a complete takeover of the affected system."

Now all products that use Log4j have to be adapted, which is likely to take a while.

One reason is that the software is embedded very deeply in systems, as a spokesman said, and in the worst case companies do not even know they are using it, for example because they received software from third parties.

So far, the BSI has not received any reports of successful attacks, Schönbohm explained, but that is only a matter of time: “It can be assumed that successful attacks have also occurred in Germany and will also occur if you don't protect yourself,” said Schönbohm.

He pointed out that hackers could use the vulnerability to install backdoors and only strike months later.

Even botnets are already active

It has been clear for a few days that cyber criminals see this as a wonderful target, to say the least. Since the weekend they have been stepping up their efforts to take advantage of the loophole. "Mass scans and attempted compromises are currently being carried out worldwide and throughout Germany," state the BSI and the Bitkom digital association. Evgeny Lopatin from security specialist Kaspersky gives the figures: "We are currently observing an active network scan to discover the vulnerability, and currently someone has checked more than 15,000 of our users for the vulnerability."

Some of the users could have been exposed to an attack attempt, according to an initial conclusion from Kaspersky. The provider Sophos points out that several automated botnets (groups of thousands of computers that are remotely controlled by cybercriminals for certain actions) have also started to exploit the vulnerability.

The business community in Germany is on high alert. Several corporations polled by the Reuters news agency, including Volkswagen, Deutsche Lufthansa and Deutsche Telekom, said on Monday that they had increased their internal security measures and were closely monitoring the situation. So far, however, no attempted attacks have been recorded. According to the BSI, the federal administration and critical infrastructures are also affected by the software vulnerability. However, so far nothing is known of a successful exploitation. Germany's largest shipping company, Hapag-Lloyd, emphasized that the cybersecurity team had reacted and adapted the IT systems. Lufthansa convened a task force to check all systems and applications. Telekom said that all customers had been called on to install updates as soon as possible.

Michael Littger, the managing director of the association “Germany Safely on the Net”, said that the current hacker attacks via Log4j highlighted the need for everyone involved in IT security to catch up.

Above all, the future will be about significantly strengthening the protective measures taken by affected organizations in the run-up to such events.