Millions of devices in the world exposed to hackers due to a security gap

Hundreds of millions of digital devices around the world are currently exposed to hacking activities by hacker due to a vulnerability in the «Log4j» software, based on Java code, which is used by the largest multinationals in the technology industry to enter information into their commercial applications.

The widespread use of Logj4 in the majority of applications is due to its open source structure and efficient operation, which allows companies to use it for logging application data instead of having to create their own logging system. However, the same efficiency is also the reason that has raised alarm among US companies and authorities.

Under these circumstances, the head of the US Cybersecurity and Infrastructure Security Agency (CISA) has convened an online meeting with the tech giants and major financial companies to inform them of one of the «most serious security problems she has seen in her career» with the aim of resolving it immediately. As CISA chief Jen Easterly warned, a battle against time is underway as experienced hackers have been exploiting this software «hole» for days. Thanks to it, they can gain relatively easy access to a company's or organisation's computer system - including governmental ones - which they can then extend to their network access systems.

The problem was first identified in the popular online video game Minecraft, but it was not long before the much larger impact of the Logj4 vulnerability became apparent. The cyberattacks, known as «Log4Shell», have been going on unabated since December 9 on Apple, Microsoft, Amazon and IBM apps, among others, according to cybersecurity firm Crowdstrike.

Log4j's maintainer Apache Software Foundation has published a security update that can be used by US multinationals.

For the Biden administration, the coordinated work to address the problem with the companies is also an opportunity to see if the various players in the technology industry with whom it has opened channels of communication after the numerous cyber-attacks last year against the software of SolarWinds and Microsoft can cope.

CISA announced that it will create a public website with information on which applications were affected by the software vulnerability, as well as the techniques used by the hackers. However, it has not yet been determined by US authorities who the companies of interest in the cyber attacks are.