Notes

Australia Faces another Global Bug

The COVID-19 virus has ravaged every aspect of our lives and now another bug is at risk.



Businesses and hospitals with employees who work remotely or on the move are at the forefront of the epidemic.



Over the Christmas break, the Australian Immunisation Register as well as the Medicare and Pharmaceutical Benefits Scheme portals required urgent updates.



So far, they're winning the battle against intruders.



"We're not aware of any data being disclosed by third party vendors and we continue to actively work with developers to transition," Services Australia general manager Hank Jongen told AAP.



But a simple scan by experts sifting for intrusion may not be enough to defend against malicious attacks.



Cyber security experts warn that hackers can be able to hide in software systems and could be in the system for a long time.



Cyber-attacks are increasing as our lives and our livelihoods increasingly go online, but the so-called Log4j vulnerability is particularly dangerous.



A flaw in a piece of software affects the Log4j Java system, which millions of Australians use, often without knowing at home and work computers, phones or other supposedly safe apps.



Microsoft suggests regular reviews and scans for new instances of malicious codes and messaging.



Microsoft states that "Due to the multitude of software and services affected as well as the pace of updates, it is likely that this will be an extended time to remedy and will require continuous, sustainable vigilance."



The United States announced last week it would sue companies that don't protect themselves against the bug and its variants.



Australia would likely do it if its laws allowed this kind of decisive action.



The US Federal Trade Commission (FTC) says the vulnerability is being widely exploited by a growing set of attackers, posing an extremely danger to millions of users of consumer products as well as enterprise software and web applications.



Experts believe that China-based groups Hafnium, Aquatic Panda, and hackers based in Iran quickly launched attacks after the first flaw was discovered in December.



"When vulnerabilities are discovered and exploited it risks a loss of personal information as well as financial loss, among other irreversible harms," warned the FTC in a blog post.



The US Cybersecurity and Infrastructure Security Agency warns that no single step will fix the problem.



The obligation to act is outlined by US law which is applicable to Australian organizations operating in the United States.



The FTC declares that it will make use of its "full legal authority" to pursue businesses that fail to take reasonable steps to protect the privacy of their customers' data from being exposed in the event of Log4j or similar vulnerabilities in the near future.



Equifax, a credit firm was unable to fix a known vulnerability and exposed personal data of 147 million customers. Teen time It was forced to settle for $US700 million ($A974million).



Back home, Services Australia is responsible for the personal information of millions of Australians but is linked to hospitals, aged care homes , and other service providers whose systems need to be flexible, but are typically fragile.



Remote access software for data and applications such as the MobileIron products used in Australia and elsewhere has proven to be an easy entry point for burglars.



The Australian Industry Group has warned that a wide range of apps could be at risk, affecting individuals, businesses and supply chains for business.



Ai Group states that a vulnerability in their defenses could allow malicious actors to create malicious "logs" which could be used to take control of computer systems and data.



The United Kingdom, United States, Canada and New Zealand are also tackling the bug and its variants.



"The Log4Shell vulnerability within MobileIron products is being actively targeted and exploited," the UK's National Health Service has warned.



Software developers and organizations including Java's Apache and MobileIron have acted swiftly.



Apple's iCloud, the platform for distribution of games Steam and Minecraft have also patched holes.



Stuart Robert, Australia's Employment Minister, has encouraged all businesses in Australia to address the issue seriously.



"It is a serious virus, serious piece of malware," he says.



"I've been urging all businesses to take action at a level of urgency to ensure that their servers, specifically their web servers, and any remote access through MobileIron are appropriately patched and should be doing it now."



All levels of government including companies and universities in Australia, have been warned to scan and update their software in order to stay safe.



Microsoft says it has observed many attackers adding these vulnerabilities to their existing malware kits and tactics, from cryptominers to hands-on keyboard attacks.



"Organisations may not realise their environments are already compromised," the firm says.



"At this point, users should be prepared for the possibility of widespread access to exploit codes and scanning capabilities to pose an actual and immediate threat to their systems."



Many of Australia's health and old care providers claim on taxpayer funds by using the ageing business-to-government (B2G) software. They were warned to respond, but they may not have received the warning.



Services Australia advised that customers should switch to web-based services as soon possible in an email to developers in late December.



"The agency is committed to moving away from the old technology to adapt for online claims as soon as possible.



"This is becoming more urgent due to the emerging global Java vulnerability."



A federal parliamentary committee was informed in the summer of last year that the agency blocks about 14 million suspicious emails each month and must perform security reviews, updates and patches to fix bugs.



Services Australia is now working closely with the Australian Cyber Security Centre on the ever-changing threat.



Mr. Jongen stated that Services Australia would continue to implement the ACSC's mitigation and detecting recommendations.



"The ACSC is working with all vendors in order to discover and reduce Log4j vulnerabilities.


Read More: https://www.teen-time.net/