Sunday 12 December 2021
affected by the log4j vulnerability
Many authorities are ready for hacking attacks
BSI has received a red alert since the log4j security gap became known. According to a report, it has now also become clear that several points in the federal administration were potential gateways to hacker attacks – as is known so far, but without consequences.
According to a report, several positions in the federal administration were vulnerable to cyber attacks due to serious security gaps. According to “Spiegel”, it was the result of reviews by the Federal Office for Information Security (BSI). Its background is the Log4j program library, which is susceptible to hacker attacks and is used by single-digit numbers of federal officials.
“If there is a weak point with this distribution, the federal administration is also affected,” it tells BSI. The Authority is aware of individual vulnerable systems and appropriate protective measures have already been initiated. So far there has been no indication that the weak point in the federal administration has actually been exploited. At least in some cases, BSI was able to understand that the problems had already been resolved.
Hackers could theoretically reload their own malware through the vulnerability and thus steal data. IT experts around the world have been warning since Friday that Log4j is an extremely comprehensive program library.
On Saturday, the BSI announced the highest, red alert level due to a security gap. At the same time, the agency’s IT Crisis Response Center was activated, according to “Spiegel”. It is an extended status center with many people dealing with the problem round the clock.
The vulnerability was also discussed at the National Cyber Defense Center. According to the report, the Interior Ministry was informed several times about the current events, as this topic may play a role in Monday’s federal press conference. In addition, a single-digit number of companies in the critical infrastructure sector told BSI that they were affected by the vulnerability.