Tech news from MIST

Log4J—The Latest Cybercrime Storm


Garima Kejriwal

December 15, 2021

Log4j vulnerability has kickstarted a storm in the cyber world. Being famously called "a Fukushima moment for the cybersecurity industry," the security risk is leading to a monumental number of attacks attempting to exploit it. The vulnerability, also known as Log4Shell, was first discovered by LunaSec researchers. Log4Shell is an open-source logging software used in everything from online games to enterprise software and cloud data centres. The flaw was identified in Microsoft's Minecraft, but LunaSec warns that owing to Log4j's "ubiquitous" presence, "many, many services" are susceptible to this exploit. The reason for this is that practically every major Java-based enterprise software and server on the market uses this open-source Java library. The dramatic security risk discovered on December 9 affects almost every known Internet service or application, including Twitter, Amazon, Microsoft, Minecraft and more. Being deemed as the most threatening security risk this year, the Log4j vulnerability has kickstarted a race between hackers and those in charge of cybersecurity. The former group is rushing to exploit the vulnerability, while the latter races to prevent it from happening. Kryptos Logic, a security firm, announced on Sunday that it had discovered more than 10,000 different IP addresses scanning the internet, which is 100 times the amount of systems probing for Log4Shell on Friday. Given Log4Shell's broad scope and the potential of ransomware following, every security team's primary priority should be patching or minimising the vulnerability.

Abridged fromIndia Today

Click here to see the original post

Share this article