A commonly used piece of web server software contains a serious vulnerability that puts many organizations at risk of being hacked. There is a solution, but the problem is that organizations don’t always know they are at risk.
The software is called Apache Log4j. It is widely used by companies and organizations to keep track of what is happening on their web servers. This log can contain anything, for example when users log in to a site or where in the systems error messages occur, so that administrators can resolve them.
A vulnerability was found in Log4j, and it is now publicly known how it can be exploited. And it’s relatively easy, says cyber security expert Ronald Pool from CrowdStrike. “A little script kid can do it.”
The National Cyber Security Coordinator wrote on Saturday that the software is widely used by large and small organizations at home and abroad. Hundreds of thousands of organizations could be affected. The Association of Dutch Municipalities (VNG) warned on Monday that probably all municipalities in the Netherlands use Log4j in their systems.
Vulnerability can lead to computer hijacking and more
The vulnerability can have major consequences. Partly because Log4j is such a widespread program, says Jornt van der Wiel from the cyber security company Kaspersky. “But also because hackers can enter systems without the need for human interaction. For example, cybercriminals do not have to first send an email with a malicious link, but can enter directly through the vulnerability.”
Attackers can then abuse the privileges of web servers for various purposes, depending on how far-reaching those privileges are. For example, hackers who get in through the vulnerability can hold computer systems hostage for ransom. So-called coin miners can also be installed. This means that the computers’ computing power is continuously used to, for example, mine bitcoins for the criminal who installed the program.
Not all organizations are familiar with Log4j
The vulnerability is also risky because many organizations may not know they are at risk. “Many companies don’t even know what kind of software they’re using,” says Van der Wiel. For example, a company can use software from a third party in which Log4j is used. That is not immediately visible.
Pool advises companies and organizations to proactively ask their software vendors if they use Log4j. Cyber security company Northwave has also provided a program to check if a server is vulnerable to the flaw.
Important to update quickly
Log4j maker Apache has already released an update that fixes the vulnerability in the software. The National Cyber Security Center (NCSC) advises web server administrators to install it as soon as possible.
However, the update will not arrive in time for everyone. Cyber security experts see that hackers are already trying to exploit the vulnerability on a massive scale. It is currently unclear how many cybercriminals had already entered businesses before the update was installed. That will become clearer in the near future.
Most consumers are not directly affected by the vulnerability, Van der Wiel believes. But he doesn’t completely rule it out. “Because maybe a server that contains your data is misused. And then criminals might be able to access it.”