As a preventive measure, Quebec, Canada, decided to shut down some 4,000 government websites due to the risk of exploitation of a critical vulnerability affecting a popular logging system. Éric Caire, the region's minister of digital transformation, says that this vulnerability would put online platforms in the education, health and public administration sectors at risk of cyberattack.
The official says that no exploitation attempts have been detected on government platforms so far, so the measure is entirely preventive: “The risk is critical and according to the new protocols of the head of IT, we must close the vulnerable systems,” says Caire.
The risk is associated with a critical vulnerability in the Apache Log4j logging library. Because most Quebec government websites use this tool, it was decided to take them offline temporarily; they will not be available again until the flaws in Log4j are addressed. Most of the vulnerable websites are rarely used, so authorities expect the outage to have minimal impact on the user experience.
Detecting this flaw is a relatively simple process, although, depending on how system administrators address these issues, the process could take a few days.
In this regard, cybersecurity specialist Eric Parent recommends adopting a systemic approach to address this class of vulnerabilities and thus minimize the risk of exploitation: “We have identified various threat actors exploiting this vulnerability, so it is better to be prepared.” The researcher concludes by mentioning that the best security recommendation is to shut down everything and restart the systems when the risk passes.
Other organizations have warned about this security risk; in recent days, multiple websites frequented by players of the popular video game Minecraft warned about the exploitation of this vulnerability, which could put the game's enthusiasts at risk.