Notes

Australia Faces another Global Bug

The COVID-19 virus has devastated every aspect of our lives. Now another one is in the wild.



Businesses and hospitals that have employees who work from home or on the go are at the forefront of the problem.



The growing Australian Immunisation Register and the Medicare and Pharmaceutical Benefits Scheme portals all required urgently updated over the Christmas break.



So far, they're winning the fight against intruders.



"We're not aware of any data being exposed by third-party vendors and we continue to actively collaborate with developers to make the transition," Services Australia general manager Hank Jongen told AAP.



But a first pass by experts scanning for intrusions may not be enough to protect against malicious attacks.



Cyber detectives warn that intruders can be able to hide in software systems and be there for many years.



Cyber threats are on the rise as our lives and our livelihoods increasingly move online, but the so-called Log4j vulnerability is particularly noxious.



A flaw in a component of software can affect the Log4j Java system that millions of Australians use, often unknowingly at home and work computers, mobile phones or other seemingly secure apps.



Microsoft suggests regular review and scans to detect new attacks on malware-related codes and messages.



"Due to the many software and services impacted and given the pace of updates, it is expected to take a long time for remediation, requiring continuous, ongoing, and sustainable vigilance," Microsoft says.



The United States announced last week it would sue companies that don't safeguard themselves against the virus and its variants.



Australia could likely do the same if laws in the country allowed such a decisive action.



According to the US Federal Trade Commission (FTC) the vulnerability is being exploited by a rising number of hackers, creating the risk of serious harm to millions of consumer products, enterprise applications, and web applications.



Experts believe that China-based organizations Hafnium, Aquatic Panda, and hackers with a base in Iran immediately launched attacks following the first flaw was discovered in December.



"When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss, and other irreversible harms," the FTC warned in a blog post.



The US Cybersecurity and Infrastructure Security Agency warns that no one action will fix the problem.



Under US law there is a legal obligation to take action, which includes Australian organizations that operate in the United States.



According to the FTC it will make use of its "full legal power" to sue companies that fail take reasonable steps to safeguard consumer information from exposure due to Log4j or similar vulnerabilities in the future.



When credit firm Equifax did not patch a known vulnerability and exposed the personal data of 147 million customers and subsequently was forced to settle a claim of $US700 million ($A974 million)



Back home, Services Australia is responsible for the personal information of millions of Australians but it is also linked to hospitals, aged care homes and other service providers whose systems have to be flexible but are typically fragile.



Intruders have uncovered remote access software that allows access to applications and data, including MobileIron products in Australia.



The Australian Industry Group warned that many apps could be vulnerable. This could affect individuals, businesses, and supply chains.



"A hole in their defences could allow malicious actors to create malicious "logs' which could take control of computer systems and data," Ai Group says.



The bug and its variants are being addressed by the United Kingdom, United States of America, Canada, and New Zealand.



"The Log4Shell vulnerability within MobileIron products is being actively targeted and exploited," the UK's National Health Service has warned.



Organisations and software developers including Java's Apache and MobileIron have acted swiftly.



Apple's iCloud as well as the game distribution platform Steam and Minecraft have also patched up holes.



Stuart Robert, Australia's Employment Minister, has encouraged all businesses in Australia to address the issue seriously.



"It is a serious virus, serious piece of malware," he says.



"I've been urging all businesses at a degree of urgency to ensure their servers, particularly their web servers and any of their remote access via MobileIron are patched appropriately, and they should be doing it now."



Australian businesses, universities, and all aspects of government are being warned to, at minimum, follow the steps to scan and update software to safeguard themselves.



Microsoft claims that it has seen many attackers incorporate these vulnerabilities into existing malware kits and techniques. These include keyboards that are used for hands-on attacks.



"Organisations might not be aware that their environment is already compromised," the firm says.



"At this point, customers should assume that the widespread availability of scan and exploit codes is an immediate threat to their environments."



Many Australian aged health and care facilities take advantage of taxpayer money using the dated business-to-government (B2G), software. They were warned to take action, but might not have received the memo.



"We recommend that you transition your customers to web-based services as soon as is possible," Services Australia said in a note to developers in December's final days.



"The agency is committed to moving away from ageing adaptor technology for online claims as soon as is possible.



"This is becoming more urgent due to the growing global Java vulnerability."



A parliamentary committee of the federal government was informed in the summer of last year that the agency blocks approximately 14 million emails that are suspicious each month and must perform security reviews, updates and patches to fix bugs.



Services Australia is now working closely with the Australian Cyber Security Centre on the growing threat.
minecraft textures


Mr Jongen declared that Services Australia would continue to implement the ACSC's mitigation and detecting recommendations.



"The ACSC are working with all vendors to ensure that Log4j vulnerabilities are identified and mitigated.


Read More: https://minecraft-texture-packs.net/