Everything About the Log4j Bug That Led to S’pore Authorities Holding 2 Emergency Meetings in a Week


While everyone is taking it slow for we are getting ready to celebrate the end of another year, hackers are now pumping up their engines and finding loopholes in the systems.

Unfortunately for us, a major loophole is found and we might all be in trouble.

Everything About the Log4j Bug That Led to S’pore Authorities Holding 2 Emergency Meetings in a Week

On 9 Dec, a vulnerability, Log4Shell, was highlighted by researchers at LunaSec. It was discovered in the Microsoft-owned game Minecraft.

Normally, an issue in a digital game is a common occurrence but this time, because Minecraft was using a common software package called Apache Log4j2, this means trouble.

Apache Log4j software is an open-source Java-based logging utility that is used for logging and keeping track of changes in many applications. This ranges from social media to gaming to online shopping and banking.

In short, various cloud services like Steam and Apple iCloud were found to be vulnerable as they use Apache Log4j2, too.

What Can Hackers Do?

This small flaw which could be easily exploited by adding a line of code could let hackers take full control of computer systems.

This means hackers could steal and delete data, lock up digital files with ransomware until they were paid, make fraudulent bank transfers and more.

However, they have to identify which systems use this utility first and that is considered a challenge for the utility is often hidden under layers of other software.

One of the Most Serious Flaws

According to the top U.S. cybersecurity defence official, Jen Easterly, she deemed the flaw to be “one of the most serious I’ve seen in my entire career, if not the most serious” for it allows easy, password-free entry.

The worst part is that hundreds of millions of devices depended on this software since it is extremely popular among commercial software developers.


Mr C.K. Chim, cyber-security firm Cybereason’s field chief security officer for the Asia-Pacific region, said the bug was severe because organisations did not consider Log4j to be part of their network which needs to be secured.

In fact, an employee is exposed to this data unknowingly when they upload or share confidential information on Web applications.

Mr Chim also added patching the affected software takes time and for some systems, the patch might not be possible.

This is why many global companies are on red alert finding fixes and patches for their systems.

Of course, Singapore is not excluded.

Singapore on Red Alert

Two emergency meetings were held by the Cyber Security Agency of Singapore (CSA) as Singapore raised the alert level to code red.

All of the government agencies which oversee the country’s 11 critical information infrastructure (CII) sectors such as banking and finance, transport and telecommunications were in the meeting.

CSA worked with these agencies to issue directions and more details on the bug. The agencies were also asked to patch their systems, take immediate steps to minimise abuse of the exploit and monitor any unusual activities.

Minister for Communications and Information Josephine Teo also asked businesses to act quickly and safeguard themselves.


Read Also: 

Featured Image: Facebook (Josephine Teo)