On December 9, cybercriminals began using a newly identified weakness in a commonly used system library called Log4J. You probably haven’t heard of Log4J, nor should you. It is a library used to output log files so developers can solve problems.
But the real problem is that this library is used on so many systems and software products, that the full impact of this attack is not yet known.
According to the US DHS, hundreds of million devices are at risk using software as varied as gaming software, authentication systems, web sites, and web servers. This attack allows hackers to easily take over a server, and use it as a beachhead to take over an entire company’s computer systems.
40% of US Corporate Networks have been targeted so far including. Successful attacks can result in theft of data as well as ransomware.
To make things worse, large insurers such as Lloyds of London have announced that they will no longer honour Cyber-insurance policies if the threat comes from a foreign state actor such as Russia or China. Failure to protect your systems may mean that your insurance is void.
What does this mean for you?
Because Log4J is embedded as part of the software code of many systems, there is very little that individuals can do. What you can do is:
- Make sure that you keep your computers and software packages constantly updated. As vendor patches become available, it is important to apply those patches quickly to your systems and software.
- Ensure you use a password safe to store your passwords.
- Every login you use should have a different password. Do not use the same password for 2 different websites.
- Follow the instructions and advice of your own IT department to keep you safe.