Australians are urged to secure their computer systems against a serious software vulnerability being exploited by malicious actors around the world, including against organisations in Australia.
Assistant Minister for Defence, the Hon Andrew Hastie MP, said the Australian Cyber Security Centre (ACSC) had, on Friday 10 December 2021, issued an alert on a vulnerability in the Apache Log4j software library that exposed systems to potential cyberattack.
The ACSC has now confirmed active exploitation of this vulnerability within Australia.
“Now is not the time for Australian individuals or businesses to be complacent about their cyber security,” Assistant Minister Hastie said.
“The flaw in the widely used Apache software library known as Log4j allows unauthorised users to quickly gain access to a computer system through the internet. The Log4j software library is found in a vast array of software and used by both individuals and businesses.
“The ACSC has since last week issued successive alerts and is working with organisations using the Log4j software library to ensure they patch vulnerable systems. But we know that malicious online actors are scanning networks in attempts to locate vulnerable servers, so it’s critical that Australian organisations act, and act fast.
“You wouldn’t leave the doors to your home or business unlocked when you go away this Christmas – and you shouldn’t do the same for your cyber security. We know about this vulnerability and cybercriminals do too, so it is vital that Australian users of Apache Log4j software patch their systems urgently to stay secure.”
The ACSC’s Joint Cyber Security Centres in each jurisdiction will facilitate awareness and advice sessions – details will be available on cyber.gov.au.
Assistant Minister Hastie said Australian organisations that use Apache Log4j2 should review their patch level and update to the latest available version, and that the ACSC National Hotline, 1300 CYBER1, is able to provide assistance as required.
Assistant Minister Hastie encourages vendors to identify their use of the Log4j logging library in their products, and develop the required patches to assist their customers to remediate the vulnerability on their systems.