Singapore has convened emergency meetings with Critical Information Infrastructure (CII) sectors to gear up for possible dangers posed by the Log4j flaw. The country’s cybersecurity agency has issued notifications about a weakness in the Apache Java logging library and is “closely monitoring” the situation.
The initial warning was issued on December 14, with Singapore’s Cyber Security Agency (CSA) warning that the “critical vulnerability” might allow attackers to take complete control of compromised systems if properly exploited. It was underlined that companies only have a limited time to implement mitigating measures and do so as soon as possible.
It said that alerts were issued to CII sector heads and firms, ordering them to update their systems to the most recent version right away. In addition, the government agency worked with these CII representatives to implement mitigating measures.
The cybersecurity bill in Singapore includes 11 Critical Information Infrastructure (CII) sectors, allowing local governments to take proactive actions to secure these CIIs. The law establishes a legal framework that explains CII providers’ responsibilities in safeguarding systems under their control before and after a cybersecurity event. Water, healthcare, energy, banking & finance, and aviation are among the 11 “essential services” industries.
When the CSA published its December 14 notice, there had been no reports of Log4j-related breaches. The CSA published a new report on Friday, boosting the security flaw’s warning level. According to the report, the vulnerability might have significant ramifications because software developers frequently employ Log4j.
“The situation is evolving rapidly and there have already been numerous observations of ongoing attempts by threat actors to scan for and attack vulnerable systems,” the government agency said. “There have been two emergency meetings by CSA with all the CII sector leads to issue directions and technical details and heighten monitoring for unusual activities.”
On Friday, a meeting with trade groups and chambers was convened to underscore the seriousness of the Log4j vulnerability and the urgency for all organizations, especially small and medium-sized businesses. Singapore CERT said in its library flaw alert that several earlier stop-gap remedies were no longer suggested since they were insufficient. The system property could be set to true, or the logging settings could be changed to stop message lookups.
Software developers who use Log4j in their products should identify and produce patches for impacted products, as well as warn consumers so that software upgrades are prioritized. CSA said it was in communication with other international agencies and Asean member states’ Computer Emergency Response Teams (CERTs) to exchange information on Log4j’s newest advances. It asked organizations affected by the vulnerability to notify SingCERT if they find evidence of a breach.