Sunday December 12th 2021
Affected by the Log4j vulnerability
Multiple authorities vulnerable to hacking attacks
The BSI has had a red alert since the Log4j security gap was known. According to a report, it is now also clear that several points in the federal administration were potential gateways for hacker attacks – according to all that is known so far, but without consequences.
According to a report, several positions in the federal administration were vulnerable to cyber attacks because of the serious security gap. According to “Spiegel”, this was the result of reviews by the Federal Office for Information Security (BSI). The background to this is the Log4j program library, which is susceptible to hacker attacks and which is used by a single-digit number of federal authorities.
“If there is a weak point with this distribution, the federal administration is also affected,” it says from the BSI. The authority is aware of individual vulnerable systems and appropriate protective measures have already been initiated. So far there are no indications that the weak point in the federal administration has actually been exploited. At least in some cases, the BSI was able to understand that the problems had already been resolved.
Hackers can theoretically reload their own malware through the vulnerability and thus steal data. IT experts all over the world have been warning since Friday that Log4j is an extremely widespread program library.
On Saturday, the BSI announced the highest, red warning level because of the security gap. At the same time, according to “Spiegel”, the agency’s IT crisis response center was activated. This is an expanded situation center in which several people have been dealing with the problem around the clock since then.
The vulnerability was also discussed in the national cyber defense center. According to the report, the Interior Ministry had been informed several times about the current events, also because the topic could play a role at the federal press conference on Monday. In addition, a single-digit number of companies from the critical infrastructure area reported to the BSI that they were affected by the vulnerability.