Check Point stated that it has seen attempts to exploit the vulnerability in over 40% of corporate networks worldwide.
A US official stated that Log4shell was a security flaw that posed a serious risk to the system. Companies warned it was being used by criminal organizations.
Although fixes have been issued, they must be implemented. Cloud services and popular applications were affected.
‘Specific address’
Log4J is a Java programming language that contains the flaw. It’s used by millions of computers to run online services.
It had been downloaded 84,000,000 times in the past four months from the largest open-source Java component repository, Brian Fox, security company Sonatype.
Cyber-security professionals often use words such as “critical” or “emergency to describe major flaws.
However, in this crisis, a different word has stood out: “trivial”.
Crowdstrike says that the weakness everyone is trying fix is trivial to exploit.
It is not uncommon for a vulnerability to be found in a computer system and it can often be fixed within a short time.
Cyber-criminals must find a way to attack, and often only the most intelligent crews can do this in the first few hours.
It is however, quite simple in this instance.
Although we don’t know the exact number of attempted attacks that are successful, this incident could prove to be very costly for companies that become victims.
There is very little we can do for the average person.
Check that your software and apps are current. Send your thoughts, prayers, and hugs to the IT team around the globe trying to solve this problem.
2px presentational gray line
The flaw was discovered by researchers at Alibaba, a Chinese technology company.
After being discovered to be affecting certain sites that use Minecraft with Java, it was quickly noticed by the public.
The Apache Software Foundation, which manages Log4j, issued a fix before the flaw was publicized. It rated the problem as a “10”, the most serious level, prior to the flaw being made public.
John Graham-Cumming, chief technology officer at Cloudflare, stated that “This is the third serious flaw in a wide variety of Internet services: Heartbleed 2012, ShellShock 2014, and Log4Shell 2021”.
‘Urgent challenge’
Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, also stressed the urgency.
She wrote, “To be precise, this vulnerability poses severe risk.”
It was widely used by hackers and “presents a challenge to network security defenders due to its widespread use.”
The UK National Cyber Security Centre stated that “This is an important vulnerability” and urged organisations to immediately follow the advice of experts on how to mitigate it.
Microsoft researchers claimed that they have seen Log4shell hackers to:
Install malicious software to mine crypto-currency
Log-ins and passwords stolen
Extract data from compromised systems