As major tech companies struggle to contain the fallout from the incident, US officials phoned industry executives warning that hackers are actively exploiting the vulnerability.
“This vulnerability is one of the most serious I’ve seen in my entire career, if not the most serious,” Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said during a telephone conversation with DailyExpertNews. Major financial companies and healthcare executives attended the telephone briefing.
“We expect the vulnerability to be widely exploited by advanced actors and we have limited time to take the necessary steps to reduce the likelihood of malicious incidents,” Easterly said.
It is the biggest warning yet from US officials about the software flaw since news broke late last week that hackers were using it to try to break into organizations’ computer networks. It’s also a test of new channels federal officials have set up to collaborate with industry executives following widespread hacks using SolarWinds and Microsoft software over the past year.
Experts told DailyExpertNews that it could take weeks to address the vulnerability and that suspected Chinese hackers are already trying to exploit it.
The vulnerability gives a hacker a relatively easy way to access an organization’s computer server. From there, an attacker can devise other ways to access systems on the organization’s network.
The Apache Software Foundation, which manages the Log4j software, has released a security fix that organizations can apply.
Race against the clock to fix error
Organizations are now in a race against time to find out if they have computers running the vulnerable software exposed to the Internet. Cybersecurity executives in government and industry are working around the clock on the problem.
“We must ensure that we continue to make efforts to understand the risk of this code in US critical infrastructure,” Jay Gazlay, another CISA official, said during the phone call.
According to Charles Carmakal, senior vice president and chief technology officer of cybersecurity firm Mandiant, hackers linked to the Chinese government have already begun exploiting the vulnerability. Mandiant declined to comment on which organizations the hackers targeted.
“In time, anyone can weaponize that damn thing,” Mandiant CEO Kevin Mandia told DailyExpertNews, referring to the vulnerability. “That’s the problem. And there will probably be big hackers hiding in the noise of the not so big ones.”
The “noise” is a real problem. For cybersecurity professionals, Twitter has been a constant stream of useful information and, in some cases, misinformation unrelated to the vulnerability.
To address the issue, CISA said it would set up a public website with information about which software products were affected by the vulnerability and the techniques hackers used to exploit it.
“This will be a multi-week process of new actors exploiting the vulnerability,” Eric Goldstein, CISA’s executive assistant director for cybersecurity, said during the phone call.
The software’s ubiquity has forced cybersecurity professionals across the country to spend the weekend checking to see if their systems are vulnerable.
“For most of the information technology world, there was no weekend,” Rick Holland, chief information security officer at cybersecurity firm Digital Shadows, told DailyExpertNews. “It was just another long series of days.”
DailyExpertNews’s Geneva Sands contributed to reporting.