According to experts from the U.S. Cybersecurity and Infrastructure Security Agency, millions of devices worldwide could be exposed to a recently revealed software vulnerability.
On Monday, a cyber official from the Biden administration warned executives in major U.S. industries about the potential severity of this discovery.
“This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious,” Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said Monday. “We expect the vulnerability to be widely exploited by sophisticated actors, and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents.”
Last week, it was revealed that hackers were utilizing the flaw to break into organizations’ computer networks.
This warning is the result of a new protocol established by officials for working with industry executives following the widespread hacks against SolarWinds and Microsoft software revealed last year.
Experts have now said it could take weeks to address the flaw and that suspected Chinese hackers are already working to exploit it.
The flaw is in a Java-based software known as “Log4j” that many large organizations, including some of the world’s biggest tech firms, utilize to log data inside their native applications. Tech giants like Amazon Web Services and IBM have begun to address the flaw in their systems, moving at an urgent pace to protect customers and users.
The software flaw offers a relatively easy way to access an organization’s computer server. Once the hacker gains access through the flaw, they could devise other ways to access an organization’s network systems.
Apache Software Foundation, which manages the Log4j software, has released a security fix for organizations to apply in response to the urgency of the issue.