According to the Director General of the National Information Systems Safety Agency, the security breach is “serious”.
Le Monde with AFP
After the discovery, last week, an important fault, the National Information Systems Safety Agency (ANSSI) provides for a few weeks for computer security officials, before a gradual return to normal .
The vulnerability is “serious” and “promises end-of-year celebrations a little painful for many experts,” said Guillaume Poupard, the CSRSI Director General. But “In a month we will probably talk about it probably, it will be residual,” he added, at a press conference about the future campus devoted to defense cybersecurity.
The vulnerability revealed last week is present in LOG4J, a small code module used by multiple software and applications around the world. Everywhere computer security managers are engaged in a race against the watch to determine if the servers used by their business use, or not, at log4j.
A hotfix published
The fault of this program is very easy to exploit and allows you to take the hand on the machines where this small code module is installed. A hotfix has been published, but computer hackers are automatically scanning the servers on any internet, to detect those who have not been protected yet.
For the moment, the hackers seem to have been able to use the fault only for relatively benign attacks, such as the clandestine installation of cryptominers (cryptomonnaire mining software).
Tuesday in the middle of the day, Mr. Poudoard confirmed that he had not been aware of proven use for more dangerous attacks, for ranks or data theft, for example. But “I’m afraid by digging (…) we realize consequences that can be relatively serious,” he said, adding: “My fear is that vulnerability has been exploited since a lot longer than we imagine. “