Massive data breaches have become so common that we’ve gotten numb to reports detailing another hack or 0-day exploit. That doesn’t reduce the risk of such events happening, as the cat-and-mouse game between security experts and hackers continues. As some vulnerabilities get fixed, others pop up requiring attention from product and service providers. The newest one has a name that will not mean anything to most people. They call the hack Log4Shell in security briefings, which doesn’t sound very scary. But the new 0-day attack is so significant that some people see it as the worst internet hack in history.
Malicious individuals are already exploiting the Log4Shell attack, which allows them to get into computer systems and servers without a password. Security experts have seen Log4Shell in action in Minecraft, the popular game that Microsoft owns. A few lines of text passed around in a chat might be enough to penetrate the defenses of a target computer. The same ease of access would allow hackers to go after any computer out there using the Log4J open-sourced java-based logging utility.
Why the Log4Shell hack is so dangerous
The reports on Log4Shell indicate that the hack is a major threat to many Internet companies. This is because hackers might take advantage of it to execute code inside their systems. Patching the vulnerability is possible, and companies have started deploying fixes. But each separate internet entity will have to handle the matter on its own servers and systems. This means not everyone will deploy fixes simultaneously, risking prolonged exposure to the attacks.
“The internet’s on fire right now,” Adam Meyers told AP News. “People are scrambling to patch and all kinds of people scrambling to exploit it.”
Meyers is the senior vice president of intelligence at Crowdstrike, a cybersecurity company monitoring the Log4Shell hack. He revealed that hackers “fully weaponized” the vulnerability just 12 hours after researchers initially disclosed it.
Everyone is at risk
The AP notes that the Log4Shell hack may be the worst vulnerability in years. That’s because it impacts a utility “ubiquitous in cloud servers and enterprise software…