Municipalities of Almere and Hof van Twente put systems offline as a precaution by log4j
Almere and Hof van Twente have shut down some of their systems. These municipalities do this as a precaution, because of the vulnerabilities in Apache log4j. The municipality of Almere will decide on Tuesday morning which applications will be put back into use.
According to Omroep Flevoland, Almere has taken its Citrix systems offline, among other things. These are used by municipal employees to log in. The municipality is doing this as a precaution to prevent a possible cyber attack on the systems via the log4j vulnerability. The municipality of Almere worked on the systems during the night from Monday to Tuesday and will decide on Tuesday morning which applications can be put back into use. Then it must also become clear what the consequences will be for residents of Almere.
Hof van Twente says in a Facebook message that the municipality has also taken its systems offline as a precaution. The website of Hof van Twente currently refers to that message. The municipality states in it that it has taken its systems offline since Sunday evening, December 12. According to the municipality, the services are therefore ‘temporarily limited’, for example for issuing passports and driving licences.
Hof van Twente was the victim of a cyber attack at the end of last year, in which the systems of the municipality were infected with ransomware. The municipality states that it will do ‘everything possible to prevent something like this from happening again’. “We hope that we can bring the systems back online in the coming days, at the latest by the end of this week,” the municipality writes.
The vulnerability in Apache log4j was found late last week. This Java tool is used in various applications and services to keep logs. The vulnerability makes it possible to remotely inject and execute arbitrary code with the permissions of the Java application in question. Versions from log4j 2.0-beta9 through 2.14.1 are vulnerable. Updates have been released to fix the vulnerability; the problem has been fixed with version 2.15.0.
The NCSC recently warned of ‘a high probability of major damage’ in the short term and published a list of vulnerable software, although the organization also emphasizes that it is not yet complete. The list includes software from Microsoft, Cisco, Amazon, Oracle and McAfee, but also, for example, the Java version of Minecraft, for which Mojang recently released a security update. According to the NCSC, proof-of-concept code has already been published to exploit the vulnerability. The NCSC also receives reports that the vulnerability is being actively exploited.