Wednesday 15 December 2021
During the night of Saturday 11 to Sunday December 12 a vulnerability was discovered in Log4j. This vulnerability creates a risk of the highest level (10/10) for all types of web applications and servers. NRB's security teams have already taken measures during the weekend. The necessary steps are being taken for all systems of NRB and its customers in which no intrusions have been detected so far. NRB advises all other organizations to take the necessary steps as soon as possible.
The vulnerability was discovered in Log4j (version 2 to 2.15). Log4j is a standard function in a Java stack, the most widespread middleware for software development, that allows logging to take place. The vulnerability is especially a risk for web servers - mostly Apache servers - where it allows an external user to take over administration rights of the server in this way.
On Saturday night the first alerts came in to NRB's security team. This was immediately investigated and confirmed on Sunday morning by NRB's threat list system, including the CERT advisories. The security team took immediate action. All accesses to the applications and systems were put on the highest level of alert. Antivirus agents were given the necessary updates. An inventory was made of all applications using log4j and the necessary updates were made with the patches provided by the suppliers of the systems concerned.
NRB has carried out systematic research and penetration tests on the systems and applications of NRB and its clients. This showed that some attacks were indeed detected but that none were successful. The plan of remediation has been drawn up. All relevant systems of the organizations under the care of NRB were addressed. The other customers have been addressed and will receive the necessary instructions and patches (which are also available via this link on the portal of Cybersecurity Center Belgium).
NRB clients can of course always contact their usual Service Delivery Manager or Business Development manager and the NRB hotline remains at their disposal.
Needless to say, NRB is open to give advice or help where possible to all other organizations or companies, who can always contact our security team at IT-security@nrb.be with their questions.
The NRB Security team
Instance