Canada shuts down 4,000 government websites fearing cyberattacks exploiting a critical vulnerability in Log4j

As a preventive measure, Quebec, Canada, decided to shut down some 4,000 government websites due to the risk of exploitation of a critical vulnerability affecting a popular registration system. Éric Caire, minister of digital transformation of the region, mentions that this vulnerability would put online platforms in the education, health and public administration sectors at risk of cyberattack.

The official assures that so far no exploitation attempts have been detected in government platforms, so the measure is completely preventive: “The risk is critical and according to the new protocols of the head of IT, we must close the vulnerable systems,” says Caire.

The risk is associated with a critical vulnerability in the Apache Log4j log library. Because most Quebec government websites use this tool, it was decided to discontinue its use temporarily, so they will be available again until the flaws in Log4j are addressed. Most vulnerable websites are quite unused, so authorities expect the outage to have minimal impact on the user experience.

Detecting this flaw is a relatively simple process, although depending on how system administrators address these issues the process could take a few days.

In this regard, cybersecurity specialist Eric Parent recommends adopting a systemic approach to address this class of vulnerabilities and thus minimize the risk of exploitation: “We have identified various threat actors exploiting this vulnerability, so it is better to be prepared.” The researcher concludes by mentioning that the best security recommendation is to shut down everything and restart the systems when the risk passes.

Other organizations have warned about this security risk; in recent days, multiple websites frequented by users of the popular video game Minecraft warned about the exploitation of this vulnerability, which could put at risk the enthusiasts of this video game.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.