This software flaw could cause issues for years to come.
WHAT IS IT?
A piece of faulty software called Log4J has exposed major companies to over 1.2 million cyberattacks since last Friday, according to researchers. So far, the only company known to have been breached via Log4J is Microsoft, which had its servers for the video game Minecraft hijacked. Other companies are currently in investigation mode, so the full fallout is unknown. Log4J was maintained by a team of volunteers who code in their free time for the nonprofit Apache Software Foundation. It’s one of dozens of open-source, volunteer-run organizations that create the free software that underpins most major companies’ operations.
The US government had already warned companies last month to stay extra vigilant against online attacks ahead of the holidays, a popular period for hackers to strike. The Log4J flaw is already one of the most wide-reaching security breaches ever, and it could take years to fully fix. The little-known but widely used Log4J software helps major companies, including Amazon, Apple, Tesla, IBM, and Twitter, log and track user activity across a range of applications. Now, cyberattackers are using it as a crowbar to break into computers. Once in, hackers can extract sensitive data, mine crypto, or join the computer to a “botnet”, a system of interconnected computers used to mass-send spam and perform other nefarious actions.
The volunteer team has already created a patch to fix the issue, but corporate software engineers have to adapt and deploy the update. Plus, hackers who walked into servers through the Log4J door likely broke some windows while in there, allowing them to circumvent the first patch.