A recent vulnerability of Log4j has been making waves in the news.  This is a popular computer code found in multiple major computer networks and systems; it has caught the attention of cybersecurity communities around the world.  When this susceptibility was discovered it sent almost every major software company into overdrive.

What is the Log4j vulnerability exactly, and is it something that individual consumers should worry about?  In short, yes—as patches become available to secure this threat, it is important that they are applied to the various software and computers that are used regularly.

If you’re a business owner, it is important to ensure that your IT security is kept up-to-date and that it is patched through the numerous systems that are used each day.  If your IT is managed through a Managed Services Provider or you subscribe to a Managed IT Security company, it is a good idea to work with them to ensure that your systems are being patched and updated regularly.

According to Jen Easterly, the U.S. Cybersecurity and Infrastructure Security Agency director, the issue with log4j is the most serious vulnerability ever seen in her decades-long career.

Log4j is a widely used piece of code that is popular among software developers.  It helps software builders keep track of records and logs within the running software; instead of re-inventing a way of tracking logs each time a piece of software is built, developers instead use this free code available from the internet to keep these records for them.

Whenever log4j is asked to log something, it tries to create a new entry for those records.  A few weeks ago, cyber security experts realized that by asking the program to log a line of malicious code, it would execute that code in the process—effectively letting bad actors take control of servers that are running the log4j code.

How Can You Stay Secure While Software Developers Patch the Vulnerability?

Check Point, a Cybersecurity software company, said that hackers have already tried to use the weakness to get into nearly half of all corporate networks around the world.  Hackers will likely use this vulnerability until it gets patched to install backdoors into networks, and also gives cyber criminals a new way to spread ransomware.  The most popular way hackers use to break into networks to deliver malicious code will be through Phishing emails.  These are messages that attempt to trick people into clicking a link or opening an attachment in an email that appears to be from a known source.

To avoid falling prey to these types of attacks you should always verify the source of your email by checking the headers of any suspicious emails sent to you.  Do not click any links that are in the email, and avoid opening any attachments.  Some tell-tale signs to look for are misspellings, poor punctuation, or a sense of urgency within the email.  In addition, make sure that your software is up to date so you will be able to have the latest and most secure version of the software you’re using.  It’s also a good idea to work with your Managed IT Services and security team to make sure they’re consistently keeping your IT infrastructure secure, like Natural Networks.

If you don’t currently have a Managed IT Security provider, then it may be time to hire one.  If you’re interested in learning more about what a Managed Services Provider like Natural Networks can do for your IT security, give us a call today!