


Most major firms will have additional layers of security in place such as encryption software that could foil such a hack, but users will have little or no way of knowing this.

And, even if people find out their data is vulnerable, there is little they can do to secure it or to find out if hackers have been able to access it.

For companies, it could mean hackers locking up their servers and demanding money to unlock them in a 'ransomware' attack, or using them to run capacity-draining processes such as crypto mining.

Because Log4J is open source, many companies may not even know they are using it until the attack has been carried out. In practice, this means that hackers would be able to steal any data stored on those servers or use them to carry out tasks - provided they know how to write code to do the particular task.

For users, it could mean having medical records and bank account details stolen, along with files and photos that have been backed up online. It allows them to drop malicious pieces of code on to servers running the network, which can then be repurposed to do the hacker's bidding.

The flaw that has been exposed in Log4J gives hackers a back door into networks which use the program. Most APIs are open-source, meaning they can be accessed by anyone and are frequently built into networks by engineers constructing them, often without their customers knowing. It is an API, or 'application programming interface', which fetches and carries data across the network - essentially one of the invisible cogs that makes the computer world turn. Log4J is a piece of software that logs user activity and app behaviour on a computer network. That could mean stealing data on those servers such as medical records and photos, plundering company databases for people's bank details, or locking up servers and extorting firms in so-called 'ransomware' attacks.

And there is little that most ordinary users can do to stop this from happening, or any way to tell if data has been stolen in this way.

As one cybersecurity source who spoke to MailOnline put it: 'This is where you put your faith in the lap of the computer Gods and hope it gets fixed soon.' The flaw was uncovered earlier this month in a piece of software called Log4j, which helps applications interact with one another across computer networks.

By exploiting the flaw, dubbed Log4Shell, hackers can take control of servers which run the network and repurpose them for their own ends. Chinese hackers are already exploiting a 'fully weaponised' software vulnerability which is causing mayhem on the web, with experts warning that it is the 'most serious' threat they have seen in decades.
