NewsNational

Experts concerned about Log4j cybersecurity flaw

Log4j
Posted at 2:13 PM, Dec 20, 2021
and last updated 2021-12-20 14:13:58-05

Microsoft has issued a warning relating to a critical flaw it recently discovered in software that's used worldwide.

The company says hackers linked to the governments of China, Iran, North Korea and Turkey are experimenting with a vulnerability recently discovered in Log4j, a Java-based software.

The software is used by dozens of industries, from gaming to government, utilities to food, and transportation to tech. Silicon Valley giants like Microsoft, Apple and Google also use the software.

Cybersecurity company Check Point is tracking and stopping millions of attempted hacks through the vulnerabilities in Log4j. They say hackers have attempted to breach nearly half of their customers' corporate networks.

Mark Ostrowski, the head of engineering at Check Point, says the issue is a serious problem because the software is widely used and the flaw is easily exploitable.

"On that scale of one to 10, it could be a nine or a 10 because of how impactful this could be," he said.

Ostrowski said there have already been at least two patches to fix the vulnerability. The government's cybersecurity agency also released guidance for organizations that were impacted.

The bad news is the risk. Hackers can use the flaw to gain access to everything from web servers to control systems to personal electronics.

Check Point says the full impact of the security breach may not be felt for months.

"The first attempts of exploitation are more — I won't say benign, but more like crypto-mining software and things of that nature," Ostrowski said. "But the more sophisticated threat actors will sit back understand how the exploitations are going, understanding how the scanning is going and then figure out more impactful ways to deploy malware and create larger issues."

For now, Ostrowski says some programs or websites may experience brief outages while security teams put patches in place. There will also be more notices to download updates to correct the issues.

Ostrowski adds that everyone should keep their operating systems up to date to keep devices secure.