A month after the discovery of a critical bug in Log4Shell, the security industry is still trying hard to make everyone safe. And the latest one to warn the world about this exploitation is the Dutch cybersecurity agency.
The Netherlands National Cybersecurity Centre (NCSC) has issued a warning this Thursday, advising companies to remain vigilant about the potential Log4Shell attacks. It says the directors should check their company’s infrastructure to be strong, and avoid any hacks.
Warning On Potential Log4Shell Attacks
First discovered in mid-December, the bugged Log4j package has turned into a serious headache to the security professionals lately. The open-source Java package used for logging data was infested with a critical bug, which is triggering remote exploits for many. Though the maker Apache Foundation has released a patch, it’s still the duty of end system admins to apply it on time.
And they delaying to work on is what’s causing the real trouble. There have been many exploitations noted after that, including Microsoft warning its Azure customers to be vigilant. Now, the Dutch National Cybersecurity Center has come up with a similar warning on Thursday.
In its warning notice, the NCSC said that it’s “expected that malicious parties will continue to search for vulnerable systems and carry out targeted attacks in the coming period.“ Even though the aftermath of Log4Shell patching is “not too bad“, NCSC advises the companies to regularly check their vulnerable systems and “apply updates or mitigating measures where necessary.”
There have been a number of Log4Shell exploits released on the web, from various access brokers of ransomware gangs, and even the state-backed hacking groups belonging to China, Iran, North Korea, and Turkey. Thus, checking any susceptible system for traces of infection and applying the patches is highly recommended.