Cybercrime May Spike Upwards During Holiday Season
December 15, 2021
While you're enjoying the holiday break, guess who isn't taking any time off?
That's why the U.S. government issued a warning to companies after Microsoft discovered a Log4j software bug, which could cause 'incalculable' damage if left unpatched.
Microsoft discovered the bug when the first known attack was targeted at their Minecraft game, and hackers could exploit their servers. They quickly patched the problem, but here's why this software bug is a big deal.
You may not have heard of Log4j, but if you've ever heard of Java, then just know its code is based on the most common software out there. It's used in virtually every computer, and over 3 billion devices like routers and smart home gear use Log4j software, AKA Java-based code.
It's used to log (track) and send data messages into the library of servers for applications, and it can return different types of data back to the end-user.
Think of this software as a diary that saves what's going on within a program. Also, someone could write one line of code into an app, and the Log4j software will return/execute huge chunks of code and perform an action back to the user, whatever that may be.
Because of its vulnerability, there could be mass data breaches worldwide. This Java-based software is used by companies like Amazon, IBM, Twitter, Tesla, and Apple, just to name a few, and they use it for a range of applications.
We won't show you the code, but the not-so-funny part is that it requires no skill to hack programs, websites, apps, and your toaster (not kidding!). Smart home devices are exposed if they're running on unpatched or outdated Log4j software.
Hackers could extract sensitive data like customer information, mine for crypto without you knowing, or connect your computer to a "botnet." That's a system of interconnected computers used for malicious activities.
The Log4j flaw has existed since 2013 and was maintained by volunteers who worked on the code whenever they could.
The original code has since been patched, but corporate IT teams worldwide are working to fix their systems if they're using an outdated version of Log4j. It's possible that hackers who have already breached servers have deployed ways to make the patch ineffective. This problem could persist for years.
So as we go about our days, enjoying this holiday season, hackers are gearing up to do their worst. And it's up to our IT superheroes to fight off these cybercriminals, who lurk behind their keyboards.
We may revisit this topic in a future 3MDD, so stay tuned for more on the story.