Daily Mail
Chinese hackers are already exploiting a ‘fully weaponised’ software vulnerability which is causing mayhem on the web, with experts warning that it poses a threat to internet-connected devices across the globe.
The vulnerability comes from a piece of software – Apache’s Log4j, a popular open source library that helps software developers log activities in applications that they use and build. The software is akin to a digital notebook, and is widely used.
Experts have said the ‘Log4shell’ flaw is the biggest threat in the history of modern computing, with countries issuing critical warnings over the vulnerability that allows criminals to steal personal data, plant malicious software or hijack card details.
Hundreds of millions of devices could be exposed to the vulnerability, with researchers having already documented over 846,000 attacks globally. At one point, this equated to 100 hacks per minute, according to cyber-security firm Check Point.
Any computer that’s connected to the internet that uses an un-patched version of the Log4j software is open to attack from hackers who know how to exploit it.
The vulnerability enables hackers to execute remote code commands. In other words, they can run any code and access all data on an affected device.
Any function that device can perform, the attackers will also be able to perform. This means hackers could use it to access a company’s internal network, for example, including encrypted files.
Millions of firms are in danger. Check Point said 37 percent of the UK’s corporate networks have already been the target of attempted exploitation of the vulnerability, with hackers scanning the internet for possible targets.
Some of the world’s largest tech companies, including Microsoft, Cisco, IBM and Google, as well as government agencies such as Cybersecurity and Infrastructure Security Agency (CISA) in the US, have found some of their servers to be vulnerable.
They have since issued guidelines on how to tackle the threat, urging customers that use Log4j to update the software to the latest version, released since Apache became aware of the vulnerability.
US cybersecurity firms Mandiant and Crowdstrike also said they found sophisticated hacking groups leveraging the bug to breach targets. Mandiant described those hackers as ‘Chinese government actors’ in an email to Reuters news agency.
Tech experts are issuing dire warnings over the vulnerability, saying that the flaw poses one of the most severe cyber-security risks ever seen.
