As major tech companies struggled to contain the fallout from the incident, US officials held a call with industry executives warning that hackers were actively exploiting the vulnerability. .
“This vulnerability is one of the most severe I’ve seen in my entire career, if not the most severe,” said Jen Easterly, Director of Cybersecurity and Infrastructure. United States (CISA), said in a phone call shared with CNN. Major financial firms and healthcare executives attended the press conference by phone.
“We expect the vulnerability to be widely exploited by sophisticated actors, and we have limited time to take the necessary steps to reduce the likelihood of an issue,” Easterly said.
It’s the clearest warning from US officials about a software vulnerability since news broke late last week that hackers were using it to try to infiltrate organizations’ computer networks. office. It is also a test of new channels federal officials have set up to work with industry operators after widespread attacks exploiting the SolarWinds and Microsoft software were revealed last year. last.
Experts told CNN it could take weeks to resolve the vulnerabilities and that Chinese hackers are suspected of trying to exploit it.
It provides hackers with a relatively easy way to gain access to an organization’s computer servers. From there, an attacker can think of other ways to access systems on the organization’s network.
The Apache Software Foundation, which manages the Log4j software, has released a security fix for adoption organizations.
Race against time to solve the hole
Organizations are currently in a race against time to find out if they have computers running vulnerable software on the internet. Cybersecurity executives across government and industry are working around the clock on this.
“We’re going to have to make sure we have a sustained effort to understand the risks of this code across the entire critical infrastructure of the United States,” said Jay Gazlay, another CISA official. in the phone call.
According to Charles Carmakal, senior vice president and chief technology officer of cybersecurity firm Mandiant, hackers with links to the Chinese government have started using the vulnerability. Mandiant declined to disclose details about which organizations the hackers were targeting.
“Over time, everyone can protect the damn thing,” Mandiant CEO Kevin Mandia told CNN, referring to the security hole. “That’s the problem. And maybe there will be good hackers hiding in the noise is not too big.”
“Noise” is a real problem. For cybersecurity professionals, Twitter is a constant source of useful information and, in some cases, misinformation that has nothing to do with security vulnerabilities.
To address the issue, CISA said it will set up a public website with information about which software products are affected by the vulnerability and the techniques hackers are using to exploit it. .
“This will be a multi-week process where new actors are exploiting vulnerabilities,” said Eric Goldstein, CISA’s assistant executive director of cybersecurity.
The popularity of this software forced cybersecurity professionals around the country to spend the weekend checking to see if their systems were vulnerable.
“For most of the IT world, there’s no weekend,” Rick Holland, chief information security officer at cybersecurity firm Digital Shadows, told CNN. “It’s just another long string of days.”
CNN’s Geneva Sands contributed reporting.
.
