What is Log4J and Why You Should be concerned?

 

Our story is about a vulnerability that is affecting digital systems across the Internet. According to an analysis, about 41% of corporate networks in India have already faced an attempted exploit.

A new vulnerability has been discovered in widely used software. It's causing mayhem on the Internet. Hackers are rushing to exploit the weakness, and its forcing cyber defenders to scramble for solutions. The security flaw has been found in a popular tool called Apache Log4J. The vulnerability is called Log4Shell. The flaw is being taken so seriously because the affected software is used in a wide range of devices that use Java software. It is embedded across programs by many companies. Worryingly security executives are predicting widespread abuse.

The vulnerability can potentially compromise millions of devices across the Internet. The log4J security vulnerability allows attackers to execute malicious code remotely on a target computer. Meaning, bad actors (hackers) can easily steal data, install malware, or simply take control of a system via the Internet

Marcus Hutchins, a prominent security researcher who is best known for halting the global WannaCry malware attack, emphasizes how deadly it can be. He even highlights Programs Like enterprise applications, embedded systems and their sub-components. Java-based applications including Cisco WebEx, Minecraft and FileSilla FTP could be at risk.

 Amit Yoran, chief executive of Tenable network security firm and the founding director of the US Computer Emergency Readiness Team, says the Apache log4J remote code execution vulnerability is the single biggest, most critical vulnerability of the last decade.

Juan Andres Guerrero, Saudi principal threat researcher with cyber security firm Sentinel One, calls it one of those nightmare vulnerabilities that there's pretty much no way to prepare for.

In fact, the US government has sent a warning to the private sector about the log4J vulnerability and the looming risk it poses. It is even urging companies to have staff working through the holidays to tackle the crisis. According to an analysis by cyber security firm Checkpoint Research, about 41% of corporate networks in India have already faced an attempted exploit. Security experts have assigned Log4Shell a severity rating of ten, the highest level possible. Experts fear that the bug could be used to deploy malware that either destroys data or encrypts it.

So far, no major disruptive cyber incidents have been publicly documented as a result of the vulnerability, but some suspicious activities are being reported in hacking groups. Miscreants are trying to take advantage of the bug for espionage. A partial fix for the vulnerability has been released by Apache, the maker of Log4J. But the affected companies and cyber defenders will need time to locate the vulnerable software where and implement patches. Until then, Log4Shell remains a pressing threat.