Follow Jeremy Linkedin Twitter Facebook
Email Jeremy Email
Technology
Dec 15, 2021

The Most Severe Security Threat Ever is Affecting the Whole Internet. Here’s What You Need to Know

Sponsored Content provided by Jeremy Tomlinson - Owner, Enfuse Technology Solutions

There’s a major security alert that’s affecting the whole of the internet right now. Security researchers have called it one of the most severe vulnerabilities the world has ever seen.
 
A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10.
 
The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework. Since last week's alert by CERT New Zealand that CVE-2021-44228, a remote code execution flaw in Log4j, was already being exploited in the wild, warnings have been issued by several national cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC). Internet infrastructure provider Cloudflare said Log4j exploits started on December 1. 
 
It’s affecting the servers that power much of the web as well as locally based applications that utilize this library.  
 
We want to give you a simple guide to what’s happened, and what it means, without any baffling tech speak.
 
Let’s start at the beginning. At the end of last week, a problem was noticed in the highly popular game Minecraft.
 
It quickly became apparent that the impact was far larger than just affecting a game. In fact, it’s affected millions of web applications, including Apple’s iCloud.
 
The problem is a security flaw in a piece of software called Log4j. This is designed to keep a record of everything that’s happened within applications. This record helps developers track down problems and fix them.
 
Log4j is what’s known as open-source software. It’s developed free by coders in their spare time, and anyone can use it. And rather than write their own logging software, millions of developers have done just that. Why not. It’s a very efficient way to create new applications.
 
But it means the security flaw – called Log4Shell – is now affecting millions of pieces of software, running on millions of machines.
 
 
The flaw allows hackers to run any code they like on affected servers. They could steal data, delete information, or run other software. Experts say this flaw makes it so easy to run malicious code, virtually anyone could do it.
 
What happens from here?
 
The fix to the problem was developed quickly. It was released in a patch – like a Band-Aid to fix the bug. The real issue is updating all the software that’s been using Log4j.
 
It’s so widely used that it’s likely to take several months for the patch to be universally applied. And experts believe there will always be some web applications that, for whatever reason, are never updated.
 
Meanwhile, cybersecurity researchers at Sophos have warned that they've detected hundreds of thousands of attempts to remotely execute code using the Log4j vulnerability in the days since it was publicly disclosed, along with scans searching for the vulnerability.
 
Cybersecurity firm Bitdefender published research Tuesday that appears to show exploit attempts on vulnerable machines by a new family of ransomware known as “Khonsari.” According to the research, Khonsari ransomware hackers have been targeting Microsoft systems, leaving behind ransom notes.
 
This is where it starts to affect you more directly. We’re likely to see a lot of website hacks and attacks happen over the next few months.
 
Some eCommerce sites that didn’t apply the patch quickly may find hackers have stolen their customers’ card numbers or other details. The risk of identity theft shoots up.
 
Other websites you visit may try to secretly download malware – malicious software – onto your computer.
 
Here are some basic security measures you can take to stay safe online:
 

  • Always use long, randomly generated passwords
  • Never use a password for more than one service
  • Use a password manager to remember passwords for you
  • Keep a closer watch on your card statements for the next few months
  • Invest in a business-class firewall that actively searches your incoming traffic
 
And of course, it’s always a good idea to make sure you keep your business’s computers up-to-date and apply all patches to software.
 
If we can help reassure you that your business is secure – especially as we approach the holidays – please contact us.
 
A UNCW alumnus and Army veteran, Jeremy has called Wilmington home since 1992. He started Enfuse Technology in 2011 to give small businesses a trusted IT partner to help navigate the quickly changing technology landscape. With almost 20 years of technical and management experience, Jeremy is passionate about helping people use technology. Experienced leading organizations through technological strategy and change, Jeremy loves helping businesses find out what they need from their IT systems to succeed. 
 
 
 
 
 
 
 
 
 

Enfuselogo 422122447
Ico insights

INSIGHTS

SPONSORS' CONTENT
Chris 16239425

‘Creative,’ An Adjective To Describe Your Accountant?!

Chris Capone - Capone & Associates
Headshots march websized 2

Is Your Commercial Roof Ready for April Showers?

David Grandey - Highland Roofing Company
Burrus rob headshot 300x300

Spreading Wings for Flight: 2nd Annual Trade Show Highlights the Ingenuity of UNCW Business Students

Robert Burrus - Cameron School of Business - UNC-Wilmington

Trending News

Conservation Group Signs $8M Deal To Buy The Point On Topsail Island

Audrey Elsberry - Mar 26, 2024

National Organization Bestows Top Award On Cape Fear Professional Women In Building

Staff Reports - Mar 26, 2024

Engineering Firm Hires Four Employees

Staff Reports - Mar 26, 2024

N.C. Ports Officials React To Baltimore Bridge Collapse

Audrey Elsberry - Mar 26, 2024

NCino's Fourth-quarter Earnings Signal Rebound From Liquidity Crisis

Audrey Elsberry - Mar 27, 2024

In The Current Issue

MADE: Polyhose Inc.

Polyhose manufactures and fabricates hose protection, paint hose assemblies and rubber hydraulic assemblies from its Pender County facility....


Expanding Tastes On Castle Street

As John Willse and Beth Guertin, owners of Wilmington Wine bottle shop and now the recently opened Creative Tastings restaurant on Castle St...


Hacking Cyberdefense Shortage

A shortage of cybersecurity professionals influenced professor Ulku Clark and her team to slowly evolve UNCW’s offerings to now include eigh...

Book On Business

The 2024 WilmingtonBiz: Book on Business is an annual publication showcasing the Wilmington region as a center of business.

Order Your Copy Today!


Galleries

Videos

2023 Power Breakfast: Major Developments