“The Internet’s on Fire”: Google, Amazon, Netflix, Microsoft, Apple & More Vulnerable to Log4Shell Bug
Log4Shell, a critical bug in a widely used Java software tool, is rapidly emerging as potentially the worst cyberthreat ever discovered. It is known as a “zero-day” vulnerability, meaning there are no patches or solutions and that victims (be they individuals or companies) are oblivious to their targeting.
“The internet’s on fire right now,” said Adam Meyers, senior vice-president at the cybersecurity firm Crowdstrike. “People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.” He has claimed that in the 12 hours following the bug’s existence being reported, it had already been fully weaponized, meaning cybercriminals have already developed malicious tools to exploit it.
Unless it is fixed, Log4Shell grants criminals and spies (and even amateur programmers) easy access to internal networks where they can steal valuable data, plant malware and erase information.
Because almost every company uses Java, all companies are at risk of attack. “I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare. Untold millions of servers have it installed, and because of its “zero-day” properties victims would not know for days in the event of an attack.
The list of those shown to be vulnerable reads like a who’s who of the internet. The potential victims (which even include governments) include:
- Amazon
- Netflix
- Android
- Apple
- IBM
- Tesla
- Baidu
- Steam
- Alibaba
- Minecraft
Amit Yoran, CEO of the cybersecurity firm Tenable, called it “the single biggest, most critical vulnerability of the last decade” — potentially the biggest in the history of computing. Log4Shell has also been rated 10/10 by the Apache Software Foundation in its threat score.
It is claimed that anyone with the weaponized bug can obtain full access to a computer that uses the Java software. What makes the vulnerability so dangerous is the ease with which it lets an attacker access a server: no passwords are involved, and an attack can be as simple as copying, pasting, and sending some code text in a message.
Indeed, it was users of the children’s game Minecraft who first illustrated how Log4Shell could be exploited. Gamers were using the bug to take control of rivals’ computers, simply by pasting a short message in the chat box.
Lastly, it has been reported that the bug, much like an organic virus or bacterium, has already started mutating and adapting to the internet. Over 60 mutant strains have been detected, causing even greater concern for the road ahead. For now, there is not much the average user can do, other than ensure they have up-to-date cybersecurity protection installed on their devices.