Since a critical software vulnerability was discovered earlier this month, CIT staff have been busy reducing the risk of cyber-attacks. And it’s not over yet. ‘This is the biggest issue I have seen at CIT.’
Hundreds of UG servers and applications have been checked by the CIT over the last several days, and some of them were taken offline temporarily to be patched. That was the only way to mitigate the impact of the vulnerability in Apache’s Log4j software, which put online systems worldwide at risk.
The UG is one of the many organisations that use the Apache open-source software, a part of which turned out to potentially allow unauthorised users to take control of the system.
‘There were issues before, there will be issues again, but this is the biggest issue I have seen at CIT so far’, says CIT communications officer Sander van Lien.
Exploited
Every unfixed system may be exploited by hackers, who can compromise your data, explains Van Lien. ‘If we get hacked, it can affect you on very different levels depending on the attack.’
Fortunately, there have been no attacks detected so far, says Van Lien. Even though some services still remain unavailable – the list of them can’t be disclosed for security reasons – there have been no complaints from UG staff or students.
Patches
What complicates the matter, however, is that it’s unclear how many patches for code flaws will be released in the coming days and weeks. ‘Last Tuesday we thought the problem had been fixed, but since then two new patches have been made available’, says Van Lien. ‘And that will most likely continue.’
The National Cyber Security Center rates the potential risks posed by the Apache Log4j vulnerability as ‘high’ and advises organisations to be prepared for possible attacks. That means that CIT staff need to be on their guard during the coming Christmas break.
The CIT is always vigilant around the holiday season, which is known to be a prime time for cybercrime, says Van Lien. ‘But this year we will be extra alert.’
Basic rules
Is there anything that common users can do to protect their data, though? ‘Just be alert and follow basic rules’, says Van Lien. So watch out for suspicious emails, don’t click on phishing links and make sure to update your computers.
Researchers who use self-built programmes are especially encouraged to keep their software and operating systems updated. If they’re in doubt about how to do so, Van Lien recommends turning off their systems during the festive period and contacting the CIT after the holidays.
‘Be vigilant, but enjoy your Christmas’, he adds.