Hackers are looking into Log4Shell vulnerabilities to carry out potentially widespread malware attacks. As such, thousands of government websites, specifically in Canada, have already decided to shut down nearly 4,000 sites to prevent any cyberattacks.
Hackers' Log4Shell Malware Attacks
As per the report by Bleeping Computer, cyberattackers have already scanned for the Log4Shell vulnerabilities in servers that use the Log4j logging system.
It comes as hackers are gearing up to exploit the said security vulnerabilities found in thousands of enterprise websites around the world.
As such, hackers could potentially plant malware to the systems of sites, which use the said logging system due to the latest critical security vulnerability.
That said, the Java-based logging platform that goes by the name Apache Log4j has already publicly revealed the critical zero-day vulnerability to the public, which is now dubbed as the "Log4Shell."
Malware Vulnerabilities Shuts Down Thousands of Government Websites
According to the news story by CBC Canada, Quebec announced that it is temporarily shutting down about 4,000 provincial websites in the region, including those for education, health, and even public administration.
These websites run by the government of Canada are using the compromised logging system, Apache Log4j. Thus, exposing them to potential malware attacks from hackers.
The minister for government digital transformation of Quebec, Eric Claire, said that a total of 3,992 websites are at risk of the Log4Shell malware attacks.
Nevertheless, the Quebec minister further revealed that, as of now, there is no evidence that these government sites have fallen victim to the hackers who are exploiting the widely used logging system.
As such, Claire went on to clarify that the temporary shutdown of the numerous government platforms is meant to be a "preventive measure" against potential massive cyberattacks.
What's more, he further noted that the cyber security threat found on the Apache logging system platform carries a critical level of 10 out of 10.
That said, the Quebec official disclosed that at that critical level, "the new protocols by the head of government information" states that it "automatically calls for the closure of the targeted systems."
It is worth noting that the affected government websites will go back online once the logging system vulnerabilities have been fixed.
Bleeping Computer said in the same report that Apache has already released a security update patch to fix the said vulnerability.
But still, the threat actors have already scanned and exploited some of the critical servers with malware, which means that they have taken over them early on even before the patch was deployed.
This article is owned by Tech Times
Written by Teejay Boris