According to analysts, a piece of flawed software known as Log4J has exposed large corporations to more than 1.2 million cyberattacks since last Friday because of its vulnerability. It’s already one of the most widespread security breaches in history, and it could take years to totally remediate the situation completely. Are you awake yet?
Log4J software, which is little-known but widely utilized, assists major corporations, such as Amazon, Apple, Tesla, IBM, and Twitter, in logging and tracking user activity across a variety of different apps. Currently, cyberattackers are employing the tool as an entry point into computers. Once inside, hackers can do the following:
Extract sensitive information from a file.
Join the machine to a “botnet,” which is a network of networked computers that is used to send spam and execute other criminal operations in large quantities.
Microsoft, which had its Minecraft game servers hijacked, is the only corporation that has been infiltrated so far using Log4J, according to the information available. Other companies are still conducting investigations, so it is unclear what the full extent of the impact will be.
Who is going to be fired as a result of this blunder?
There is no one. In their spare time, the Log4J project is maintained by a group of volunteers who code for the nonprofit Apache Software Foundation in addition to maintaining Log4J. It’s one of hundreds of open-source, volunteer-run groups that develops the free software that powers the operations of the vast majority of significant corporations worldwide.
To be fair, it’s possible that the volunteers’ day jobs were to fault for the fact that they were not aware of the problem until an Alibaba employee notified them on Nov. 24. After only a few weeks, the code had been revealed: Details about the weakness were revealed in talks on the Chinese social networking site WeChat, and the story quickly spread around the world.
What should I do now? The patch to solve the problem has already been developed by the volunteer team; however, corporate software developers will need to adapt and apply the patch. In addition, hackers who entered servers through the Log4J door are likely to have broken some windows while inside, allowing them to get beyond the first security patch.
The big picture: The United States government had already urged businesses last month to be particularly careful against internet attacks in the run-up to the holidays, which are a favourite time for cybercriminals to strike.