
Cyber criminals are scanning Australian entities for vulnerabilities, cyber watchdog warns

Australian businesses and households must urgently patch their applications and software products as malicious cyber adversaries conduct thousands of scans in search of the Log4j software vulnerability.

Nastasha Tupas
Tue, 21 Dec 2021

The Australian Cyber Security Centre (ACSC) has reported that it is seeing malicious actors attempting to find Australian entities that remain vulnerable.

Thousands of software products that use this common piece of computer code are at risk, and many are yet to be fixed. If the vulnerability is not fixed, cyber attackers can break into an organisation’s systems, steal user passwords and login details, extract sensitive data and infect its networks with malicious software, causing widespread business interruption.

The ACSC released an updated advisory on Tuesday, 21 December 2021, following advice first issued on Friday, 10 December 2021.


Thousands of Australian organisations had already been subject to targeted reconnaissance, and many have been exploited and compromised, according to Assistant Minister for Defence, the Honourable Andrew Hastie.

“This requires immediate action.

“This is a serious vulnerability in affected systems, akin to leaving every door and window in your home unlocked on Christmas Eve.

“Therefore, I am calling on all Australian businesses and households to ensure their applications and products are patched and up-to-date, and to follow the ACSC advisories,” Assistant Minister Hastie said.

The ACSC is aware of around 400 vendors who may use the Log4j library. These vendors are responsible for some of the most common software globally, including messaging and productivity applications, mobile device managers, teleconference software, web hosting and even video games. The ACSC is working with a significant number of victims and affected vendors across all sectors of the economy.

Assistant Minister Hastie explained that even after patching, organisations must continue to monitor to see if any attackers are still lurking in their systems.

“It is absolutely critical that Australian businesses and households patch their systems and networks urgently before going on holidays.

“Not doing so will give our cyber adversaries an early Christmas present.

“Cyber criminals don’t take a holiday for the Christmas season – they are ruthless and opportunistic,” Assistant Minister Hastie concluded.

The ACSC National Hotline 1300 CYBER1 (1300 292 371) is able to provide assistance as required.

Advice and mitigations are available for all Australian organisations at cyber.gov.au.

A detailed alert of the vulnerability has been published on the ACSC website.
