COLORADO SPRINGS — Both cybersecurity experts and major tech companies are warning that it's one of the biggest cybersecurity threats we've ever faced, and if small businesses don't make the fix, it could lead to some serious problems in the months ahead. News5 gets the answers about the Log4j cybersecurity vulnerability.
The experts say the bug impacts the logging framework for Java, Log4j, which is run on millions of servers and devices around the world. Ultimately, without a security patch, hackers can gather information about you and could even launch their own attacks from the inside.
"It's spun into this very large vulnerability," said Dr. Erik Huffman, a cybersecurity expert in the Pikes Peak Region. "Just very widespread. It's the largest in my lifetime, to see so many devices vulnerable at the same time."
Dr. Huffman says the Log4j vulnerability can impact pretty much anyone.
"It's open source and it's embedded in almost every instance of Java, most instances of Java out there, and Java is currently on 3 billion different devices," said Dr. Huffman.
Hackers have attempted hundreds of thousands of attacks as they try to exploit the vulnerability. It's possible that some companies aren't even aware if their systems run Log4j.
The good news is, Dr. Huffman says there's an update that can be run to patch the vulnerability. So don't wait.
"So small business owners, my number one thing I can say is do not miss this update," said Dr. Huffman.
The longer the Log4j vulnerability isn't addressed, the more time hackers have to install malware, access system credentials, and steal sensitive information.
"On average right now, for a typical cyberattack, it's 90 days from the date of occurrence to the date of detection, and if you stretch this out to a year, it's going to be extremely bad because they are in your system, they are learning more about your environment, they are learning more about yourself and your customers and your employees, and information is power," said Dr. Huffman.
Cybersecurity experts say the full impact of this vulnerability may not be felt for months. Microsoft is warning that hackers from Iran, China, Turkey and North Korea are busy experimenting with this vulnerability.