Why does the Log4j vulnerability have tech firms worried?
A new vulnerability named Log4 Shell is being touted as one of the worst cybersecurity flaws to have been discovered.
What is the Log4Shell vulnerability?
The vulnerability first came to light on December 9, though some reports say the issue first surfaced on December 1 and was highlighted by the Alibaba Cloud Security team.
The problem impacts Log4j 2 versions which is a very common logging library used by applications across the world. Logging lets developers see all the activity of an application. Tech companies such as Apple, Microsoft, Google all rely on this open-source library, as do enterprise applications from CISCO, Netapp, CloudFare, Amazon, and others.
What have the affected tech companies said?
Microsoft-owned Minecraft was one of the first to acknowledge the flaw and issued a statement, saying that the java edition of the game was at a major risk for getting compromised.
In a statement, Google said it is “currently assessing the potential impact of the vulnerability for Google Cloud products and services. This is an ongoing event and we will continue to provide updates through our customer communications channels.”
As big tech companies struggle to contain the fallout from the incident, U.S. officials have phoned industry executives to warn them that hackers are actively exploiting the vulnerability.
The vulnerability is in Java-based software known as “Log4j” that large organizations, including some of the world’s biggest tech firms, use to log information in their applications. Tech giants like Amazon Web Services, and IBM have moved to address the bug in their products.
Organizations are now in a race against time to figure out if they have computers running the vulnerable software that were exposed to the internet. Cyber security executives across government and industry are working around the clock on the issue.
Currently, this version of the software is rapidly being introduced and is a serious issue as it is expected to exploit the use of cryptocurrency mining, affect service industries like Apple iCloud, Twitter, etc
Affect of Log4shell in India Industry
Indian companies are not more vulnerable than their western counterparts because they use Java-based applications.
Indian companies are at high risk because of their weak security posture, especially the smaller companies that may not have the know-how or resources to detect and fix the issue quickly.
About 41% of corporate networks in India have already faced an attempted exploit.