The BSI publishes an update on their report: "Red warning level: Log4Shell vulnerability leads to an extremely critical threat situation" with new findings and further developments.
According to the Federal Office for Information Security (BSI), the vulnerability called “Log4Shell” in the widespread Java library Log4j continues to lead to a critical IT security situation. The BSI provides current information on its special Log4j page at.
As before, there is still no final clarity as to which IT products are vulnerable to "Log4Shell". The Dutch partner authority of the BSI, to which the BSI itself also contributes, maintains an overview of the vulnerability status of numerous IT products.
List of vulnerable products not yet completed
The vulnerability is currently being exploited around the world with various forms of attack. In addition to attacks with crypto miners (this means that the systems concerned are misused to calculate crypto currencies) or bot networks (the systems concerned are integrated into bot networks with which, for example, DDoS attacks are carried out), the first known ransomware attacks. In ransomware attacks, computers or entire networks are encrypted and those affected are extorted for ransom.
From the point of view of the BSI, a widespread exploitation of the vulnerability and further successful cyber attacks can be expected. These can still follow in a few weeks and months if the weak point mentioned is now used for an initial infection.
The first attacks are ongoing - more are expected
It is therefore still important to implement the IT security measures recommended by the BSI as quickly as possible. If security updates are available for vulnerable IT products, these should be imported by all users. Manufacturers of IT products in particular are therefore required to check their products and, if necessary, secure them with security updates.
In particular, companies and organizations and government agencies at all levels have to act urgently. Short-term protective measures are also available for these, which, although they do not close the vulnerability, can prevent or make it more difficult to exploit them. In addition, detection and response measures should be strengthened.
End users only endangered by IoT
Consumers are less at risk because the Java library in question is less widespread on end devices. However, individual applications and smart devices (IoT devices) can be vulnerable. Consumers are generally dependent on the manufacturers of these products taking appropriate security measures and, for example, providing security updates. The existing short-term protective measures can usually only be implemented by experienced users.
The BSI will continuously update its cyber security warning and its recommendations for action. The National IT Crisis Response Center at the BSI remains active. The BSI is in close contact with national and international partners.
More at BSI.bund.de
About the Federal Office for Information Security (BSI) The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.