NORTH PROVIDENCE, R.I. (WPRI) — Cyber security experts are working around the clock to fix a major flaw in Log4J, a commonly used Java-based programming system that keeps track of people’s computer activity.
Companies such as Amazon, Apple and Google all run Log4J, open-source code that is free to use. The new flaw lets hackers easily take control of a computer system, leaving it susceptible to ransomware, cyber security engineer Cody King explained.
“They can get full control, install ransomware, they can run cryptomining,” King said in an interview. “So they can basically use your system to farm cryptocurrencies to make themselves money. The limits are endless, they can do whatever they want, basically own your systems.”
Log4J was developed by the Apache Software Foundation. The flaw in the code was discovered in late November by the Chinese company Alibaba, and the company took two weeks to develop and release a patch to fix the vulnerability.
Companies across the world are scanning their systems to see if their network or devices have been compromised. King, who works at North Providence-based Security RI, said it will take some time for companies to fully vet their systems.
“This is just the tip of the iceberg that we are seeing, there could be systems that have been infected that we don’t even know about,” King said.
Federal agencies are also sounding the alarm. The Cybersecurity and Infrastructure Security Agency and the U.S. Department of Homeland Security are both asking federal agencies to find and fix the vulnerabilities.
“It is so widely used, it is basically everywhere and inherently now it is vulnerable, so the entire internet is affected by it,” King explained.