The most severe security threat ever

Posted December 16, 2021

The most severe security threat ever is affecting the whole internet. Here’s what you need to know

There’s a major security alert that’s affecting the whole of the internet right now. Security researchers have called it one of the most severe vulnerabilities the world has ever seen.

Yet you’d be excused for not having heard much about it. Because, unusually for a cyber security alert, it’s not affecting the normal computers that you use in your business.

It’s affecting the servers that power much of the web. There are some small security measures you can take to keep you and your team safe online. We’ll come onto those in a minute.

We’re writing this to give you a simple guide to what’s happened, and what it means, without any baffling tech speak.

Let’s start at the beginning. At the end of last week, a problem was noticed in the highly popular game Minecraft.

It quickly became apparent that the impact was far larger than just affecting a game. In fact, it’s affected millions of web applications, including Apple’s iCloud.

The problem is a security flaw in a piece of software called Log4j. This is designed to keep a record of everything that’s happened within applications. This record helps developers track down problems and fix them.

Log4j is what’s known as open source software. It’s developed free by coders in their spare time, and anyone can use it. And rather than write their own logging software, millions of developers have done just that. Why not. It’s a very efficient way to create new applications.

But it means the security flaw – called Log4Shell – is now affecting millions of pieces of software, running on millions of machines.

So while it’s not affecting the normal computers you use in your business, it is affecting many of the services you use.

The flaw allows hackers to run any code they like on affected servers. They could steal data, delete information, or run other software. Experts say this flaw makes it so easy to run malicious code, virtually anyone could do it.

What happens from here?

The fix to the problem was developed quickly. It was released in a patch – like a plaster to fix the bug. The real issue is updating all the software that’s been using Log4j.

It’s so widely used that it’s likely to take several months for the patch to be universally applied. And experts believe there will always be some web applications that, for whatever reason, are never updated.

This is where it starts to affect you more directly. We’re likely to see a lot of website hacks happen over the next few months.

Some ecommerce sites that didn’t apply the patch quickly may find hackers have stolen their customers’ card numbers or other details. The risk of identity theft shoots up.

Other websites you visit may try to secretly download malware – malicious software – onto your computer.

Here are some basic security measures you can take to stay safe online:

  • Always use long, randomly generated passwords
  • Never use a password for more than one service
  • Use a password manager to remember passwords for you
  • Keep a closer watch on your card statements for the next few months

And of course, it’s always a good idea to make sure you keep your business’s computers up-to-date, and apply all patches to software.

If we can help reassure you that your business is secure – especially as we approach the holidays – please contact us.

Published with permission from Your Tech Updates.

Managed IT Support

Windows 11 Guide

Simply enter your email and we'll send you a free copy of the guide!

Ransomware Guide

Simply enter your email and we'll send you a free copy of the guide!

If your IT support company is ALWAYS fixing your technology… it’s time to switch

Simply enter your email and we'll send you a free copy of the guide!

Microsoft App Guide

Simply enter your email and we'll send you a free copy of the guide!

The biggest security threat to your business is on your payroll

Simply enter your email and we'll send you a free copy of the guide!

Malware Threat Guide

Simply enter your email and we'll send you a free copy of the guide!

Your Office is on fire guide

Simply enter your email and we'll send you a free copy of the guide!

Your 2021 Productivity Guide

Simply enter your email and we'll send you a free copy of the guide!

Your 2021 Productivity Guide

Simply enter your email and we'll send you a free copy of the guide!

Free security e-book!

Interested in the security of your IT systems? Get a free e-book on us. Simply enter your email and we'll send you your book by email!

Free security e-book!

Interested in the security of your IT systems? Get a free e-book on us. Simply enter your email and we'll send you your book by email!

Email Hijack Book

Simply enter your email and we'll send you, your free book download!

The top 5 questions you could ask us

Simply enter your email and we'll send you a free copy of the guide!