
Are you in danger from latest software vulnerability that has hit tech giants like Amazon, Microsoft?

By Prathapan Bhaskaran on Dec 13, 2021 | 04:33 AM IST


A flaw in Log4j that many software biggies use makes user data on servers vulnerable to exploitation

  • Hacking incidents have increased by thousands since the flaw in the software was detected

Millions of internet users are vulnerable or are already hit by hackers who are exploiting a flaw in software that is used by many tech giants including Amazon (AMZN) and Microsoft (MSFT). It has been revealed that hackers use a vulnerability in a server software called Log4j to gain access to the computers of internet users. They can force unsolicited downloads to infect users with malicious code that can lead to disastrous consequences, news reports say.

Cybersecurity researchers have reported thousands of attempts to exploit the bug and gain unauthorized entry to computers, a report in WSJ says.

New round of cyberattacks

Even as cybersecurity officials at major tech companies rush to patch the flaw, security experts warn a new round of cyberattacks could be around the corner.

Among the tech giants forced to reassess their security preparations on account of the flaw in Log4j are Amazon.com Inc., Twitter Inc. (TWTR) and Cisco Systems Inc. (CSCO), the companies told WSJ.

Amazon, the world’s biggest cloud computing company, said in a security alert, “We are actively monitoring this issue, and are working on addressing it.”


The threat is so real that the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency last week issued an alert about the vulnerability and sought urgent action from firms. CISA Director Jen Easterly said, “To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between government and the private sector.”

Easy to exploit

The list of software providers that use Log4j in their products is long. Among them, International Business Machines Corp.’s (IBM) Red Hat, Oracle Corp. (ORCL) and VMware Inc. (VMW) have already said they are deploying patches.

The fear is that as the bug is easy to exploit and attacks hard to block, hackers could use the Log4j problem to break into corporate networks for years to come, according to Aaron Portnoy, principal scientist with security firm Randori. “It is one of the most significant vulnerabilities that I’ve seen in a long time.”

By gaining access to the log files that keep track of what users do on computer servers, hackers sneak in malicious instructions that force the machine to download unauthorized software. It gives the hackers a beachhead on a victim’s network.


The issue was reported late last month to the Log4j development team by volunteers of the Apache Software Foundation, according to Ralph Goers, a volunteer with the project. The foundation is a nonprofit group that helps oversee the development of many open-source programs. 

“It’s a very critical issue,” according to Goers. “People need to upgrade to get the fix.” Log4j is used on servers to keep records of users’ activities so they can be reviewed later by security or software development teams.
