icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
17 Dec, 2021 16:13

Singapore urges ‘vigilance’ over critical software bug

Singapore urges ‘vigilance’ over critical software bug

Singapore’s Cyber Security Agency (CSA) has raised the country’s alertness level on the Log4j software flaw, joining a growing list of governments and industry experts to sound the alarm over the critical vulnerability.

The CSA said on Friday that it had held two emergency meetings over the past week with government agencies in charge of the country’s 11 critical information infrastructure (CII) sectors, including telecommunications, transport, banking, and finance.

In a Facebook post, Minister for Communications and Information Josephine Teo said both the CSA and the Government Technology Agency were patching official systems “thoroughly,” but warned CII firms to “stay vigilant” as the flaw’s “ease of attack” makes it “too attractive for bad actors.”

Noting that the “situation is evolving rapidly,” the CSA said it had detected “ongoing attempts by threat actors” to “scan and attack vulnerable systems.” The agency added that it had not received reports of breaches relating to the bug, which stems from the Apache Software Foundation’s widely-used open-source Java logging utility, Log4j.

Described by the security company Tenable as the “single biggest, most critical vulnerability of the last decade,” the flaw allows hackers to easily overpower systems running the tool and mount ransomware attacks by stealing, deleting, and locking data. Some estimates have pegged the number of attacks that have exploited the bug over the past week at more than 1.2 million.

Several US government officials and agencies have issued warnings about the bug’s seriousness. Homeland Security Secretary Alejandro Mayorkas reportedly told the German Marshall Fund of the US on Thursday that the problem was “uppermost in our action plans.”

The challenge it presents is its prevalence, because they attacked a software that is omnipresent, and then there’s a vulnerability that has been exposed and others can jump in in the exploitation of that vulnerability and really multiply the harm.

Meanwhile, a senior Biden administration official revealed that a number of federal government systems have been affected by the flaw. Speaking to Bloomberg Television on Thursday, Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said she expects the number of systems affected by the vulnerability “to grow.” The US Patent and Trademark Office was thought to be among those affected.

Podcasts
0:00
27:48
0:00
29:53