Software Flaw Pitches The Internet On Fire

In a rapidly tech-aligning world, it appears the dependence on digital technology is on the rise, with the litany of innovations that has graced the universe on a continuous spike.

Popular Online game, Minecraft was at the receiving end of the bug that highlighted a critical vulnerabilitythat has compromised the widely used software tool and this may have become a major threat to organizations around the world.

Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike, said Friday morning that in the 12 hours since the bug’s existence was disclosed that it had been ‘fully weaponized’, an implication that malefactors had developed and distributed tools to exploit it.

“The internet is on fire right now, People are scrambling to patch, and all kinds of people scrambling to exploit it,” he said. 

The recent vulnerability uncovered in a utility that’s ubiquitous in cloud servers and enterprise software used across industry and government, may be seen as arguable the worst computer vulnerability discovered in years, and unless it gets fixed as soon as possible, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.  

“I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.

Amit Yoran, CEO of the cybersecurity firm Tenable, termed it “the single biggest, most critical vulnerability of the last decade” — and possibly the biggest in the history of modern computing.

The bug, coined ‘Log4Shell,’ rated 10/10 by the software developer, the Apache Software Foundation, says anyone with the exploit can obtain full access to an unpatched computer that uses the software.

According to software and tech experts, the worst case scenario would be when the vulnerability allows an attacker access a web server, even without a password, signaling a very dangerous hacking possibility.

One of the first organizations to report the flaw was the New Zealand’s computer emergency response team, noting that the vulnerability was being “actively exploited in the wild” just hours after it was publicly reported Thursday and a patch released.

Tech giant, Alibaba had November 4 reported the vulnerability, which was located in open-source Apache software used to run websites and other web services, adding that took two weeks to develop and release a fix.

The Apache software is also often embedded in third-party programs, which often can only be updated by their owners, with most organizations and cloud providers having the possibility of updating their web servers easily.

Yoran, of Tenable, said organizations need to presume they’ve been compromised and act quickly.

The Microsoft-owned Minecraft was presumably the first software to be hit by the flaw exploitation, with security expert Marcus Hutchins and cybersecurityexpert Adam Meyers both affirming that Minecraftusers were already using it to execute programs on the computers of other users by pasting a short message in a chat box.

Microsoft in its reaction said it had issued a software update for Minecraft users, noting that ‘Customers who apply the fix are protected’.

Researchers also reported that the vulnerability could be exploited in servers run by companies such as Apple, Amazon, Twitter and Cloudflare, an inclination of a bigger breach.