Nearly half of global corporate networks hacked by Log4J attack
Hackers have targeted more than 40 per cent of companies globally since last week through a log-in vulnerability in software called Log4J, according to the cyber security group Check Point.
The Log4j library is embedded in almost every Internet service or application we are familiar with, including Twitter, Amazon, Microsoft, Minecraft and more.
Check Point estimated that there had been 846,000 documented attacks relating to the vulnerability in the 72 hours since Friday.
More than a hundred vendors have been confirmed as affected, including Microsoft, Amazon Web Services, Netflix and Oracle, and experts say that the flaw has gone unnoticed since 2013.
The Financial Times reported that at some points the Check Point researchers were seeing more than 100 hacks a minute, with hackers gaining control over apps written in Java, the popular programming language.
Cyber security expert Ian Mann stated: “This is the biggest cyber security vulnerability of the year, and will lead to many new breaches. The Log4j component is used on many websites, but also login pages to IT network devices like firewalls.”
“Vendors need to be urgently issuing software updates to fix the issue, and IT administrators need to be applying these fixes immediately. ECSC’s global security monitoring is already seeing hackers taking advantage of this new vulnerability”, he added.
This was echoed by a spokesperson for Check Point, who said: “This vulnerability, because of the complexity in patching it and easiness to exploit, will stay with us for years to come, unless companies and services take immediate action to prevent the attacks on their products by implementing a protection. Now is the time to act.”
The National Cyber Security Centre only declared this as a critical vulnerability yesterday.
An NCSC spokesperson told City A.M.: “This is a significant vulnerability and organisations should urgently follow the mitigation advice we have published. The key step for organisations is to patch enterprise software quickly, and for developers using log4j to update and distribute their software as soon as possible. For the public it’s important to keep updating devices as developers’ understanding of the vulnerability grows.”