Home Tech Flaw prompts 100 hack attacks a minute, security company says – BBC News

Flaw prompts 100 hack attacks a minute, security company says – BBC News

Flaw prompts 100 hack attacks a minute, security company says – BBC News

A flaw in widely used computer code is prompting 100 new hacking attempts every minute, a security company says.
Check Point said it had seen attempts to exploit the vulnerability on over 40% of corporate networks globally.
One US official said the security flaw, Log4shell, posed a "severe risk", with companies warning it was being actively used by criminal groups.
Fixes have been issued but need to be implemented. Popular applications and cloud services have been affected.
Written in the programming language Java, Log4J, the code containing the flaw, is used by millions of computers running online services.
In the last four months it had been downloaded 84 million times from the largest public repository of open-source Java components, Brian Fox of security company Sonatype, said.
And the ease with which hackers could exploit the vulnerability was, "akin to someone figuring out that mailing a letter into your postbox, with a specific address written on it, allows them to open all your doors in your house".
Words such as "critical" and "emergency" are often bandied around by cyber-security people when a major flaw is discovered.
But in this crisis, another word has stuck out – "trivial".
According to Crowdstrike, the weakness everyone is trying to fix is "trivial" to exploit.
Often when a vulnerability is found in a computer system, there is a little bit of time to fix it.
The cyber-criminals have to work out a way to attack and usually only the smartest crews can do so in the first few hours.
But in this case, it is, apparently, very easy.
We do not yet know how many of these attempted attacks are successful – but this incident has the potential to be extremely costly for corporations that become victims.
For the average person, there is not a lot we can do.
Make sure your apps and software are up to date – and send thoughts, prayers and hugs to the IT teams around the world trying to fix this problem.
Researchers at Chinese technology company Alibaba discovered the flaw last month.
But it gained widespread public attention after being found affecting some sites hosting versions of Minecraft using Java.
Before the flaw was made public, the Apache Software Foundation, which oversees the Log4j code, issued a fix for the problem, rating the problem a "10" – the highest level of seriousness.
Cloudflare chief technology officer John Graham-Cumming said, "This is the third really serious flaw that's affected a wide range of Internet services: Heartbleed in 2012, ShellShock in 2014 and Log4Shell in 2021".
US Cybersecurity and Infrastructure Security Agency director Jen Easterly also stressed the urgency of the situation.
"To be clear, this vulnerability poses a severe risk," she wrote.
It was being widely exploited by hackers and "presents an urgent challenge to network defenders given its broad use".
The UK National Cyber Security Centre said, "This is a significant vulnerability" and called on organisations to urgently follow advice on mitigating the problem.
Microsoft researchers said they had seen hackers using Log4shell to:
Crypto-exchange loses $150m to hackers
Evil Corp: Searching for the world's most wanted hackers
Heavy fighting reported around Kyiv
West orders sanctions on Russia's Putin and Lavrov
Eyes on Kyiv: Key moments from day two of invasion. Video
Ukrainians under fire
Kite flyers defy ban in Pakistan. Video
BBC Ukrainian editor: My son and I packed, and just left Kyiv
Why a year is 'long-term' for vaccine safety
What role did these police have in Floyd’s death? Video
BBC Ukraine editor: There is no safe place any more
A high society beheading that caused outrage
Weekly quiz: Which pop royalty will play this jubilee gig?
The Indian teenager who defeated a world champion
Remember these one hit wonders?
Classics Walking in Memphis, A Thousand Miles, Bad Day and more…
What happens when a date goes wrong?
Technology has revolutionised dating, but comes with its own risks
Leah McCourt: The Belfast mum who made MMA history
She's on a quest to become Bellator world champion…
© 2022 BBC. The BBC is not responsible for the content of external sites. Read about our approach to external linking.



Please enter your comment!
Please enter your name here