Client article, Dec.17th,2021

 

You may have heard - on Dec. 9th, a critical internet security flaw was disclosed and named Log4j, and it's been wreaking havoc on the internet ever since.

 

"So far, attackers have exploited the flaw to install cryptominers on vulnerable systems, steal system credentials, burrow deeper within compromised networks, and steal data, according to a recent report from Microsoft." 

 

The Wall Street Journal - Dec.15th 

 

What is Log4j? 

 

To better understand Log4j, think of the internet as an enormous, complex machine with many interacting parts.

 

Each distinct part of the internet must "talk" with the other pieces from servers to computers, cameras, cars, and everything else.

 

To do this requires a standard language all the various components can "speak," and for much of the internet, this is software known as Java.

 

“Java powers a large share of today’s digital world by providing the reliable platform upon which many services and applications are built.”   Java’s website.

 

✓ Java calls its software’s logging library “Log4j.” Access to the logging library gives the user administrative power over its system. Thus, the vulnerability is aptly named after Java's logging library.

 

"(Log4j) … allows attackers to execute code remotely on a target computer, meaning that they can steal data, install malware or take control. Some cybercriminals have installed software that uses a hacked system to mine cryptocurrency, while others have developed malware that allows attackers to hijack computers for large-scale assaults on internet infrastructure."

 

The Wall Street Journal - Dec.15th

 

What you need to know

 

At this time, the F-Secure, Rackspace, and OmniWAN products we provide clients are not affected by Log4j.

 

Clients using F-Secure for device protection and Managed Network Security for their internet service are actively managed and protected from the threat environment as it evolves.

 

✓  Cybersecurity that is monitored and managed in real-time is the best defense against Log4j exploits and unknown future threats.

 

What's next

 

I can assure you we will see severe repercussions from the Log4j vulnerability worldwide as the frenzy of exploitation continues into 2022.

 

Here are the reasons why:

  • So many are at risk with estimates in the 100's of millions of affected devices. This is low-hanging fruit for criminal profit from anywhere in the world.
  • The hack is ridiculously easy to perpetrate.
  • There are countless ways to deploy the hack for criminal gain; many no one has even thought of yet.
  • Increased use of AI by hackers in 2022-2023 will discover new Log4j exploits humans would never imagine otherwise.

✓ The worst is undoubtedly yet to come, and the consequences of Log4j will invariably be felt for many years to come.

 

"Cybersecurity firm Check Point said Wednesday that it had detected more than 1.8 million attempts to exploit the bug in the days since it became public, with over 46 percent of those coming from known malicious groups."

 

CNet - Dec.15th

 

 

"So far, Log4j has resulted mostly in cryptomining and a little espionage. The really bad stuff is just around the corner."

 

WIRED - Dec. 16th 

 

Stay in touch with TDS

 

Stay in touch with us to ensure you use protection across your devices and networks.

 

We are here for you when you have questions, are suspicious, have concerns, or need advice on privacy and digital security. Be sure to send screenshots when applicable!

 

We offer complimentary account reviews, risk assessments, and advice for clients, their families, and the referrals they bring to us. 

 

✓ Consider using one of our "computer coaches" to remote in and help you manage your device settings and preferences. The coach can help you with browser security, password management, backups, and everything you need to stay safe and in control of your personal technology.

 

TDS is here for you

 

The staff at TDS will be working over the holidays as it is always high season for hackers and cybercrime. Please reach out if you need us; we'll be here for you.

 

In the meantime, we wish all our clients and their respective families a Merry Christmas and Happy New Year.

 

cybersecurity

Topics: Threat Advisories

Share :

Related Posts

Next-gen phishing is a hybrid and very...

We're seeing a rash of sophisticated phishing schemes...

Read More

T-Mobile Breach - What To Do

T-Mobile said yesterday that data from 40 million former...

Read More