Expert discusses what you need to know about 'most serious' security breach ever

KGO logo
Monday, December 20, 2021
EXPLAINER: The security flaw that's freaked out the internet
The Log4j flaw lets cyberattackers easily seize control of everything from industrial control systems to web servers and consumer electronics.

SAN FRANCISCO (KGO) -- Security pros say it's one of the worst computer vulnerabilities they've ever seen. They say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it.

The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it's so easily exploitable - and telling those with public-facing networks to put up firewalls if they can't be sure. The affected software is small and often undocumented.

RELATED: Major outage at Amazon disrupts businesses across the US including New York Times, Venmo, Disney+

Detected in an extensively used utility called Log4j, the flaw lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. Simply identifying which systems use the utility is a prodigious challenge; it is often hidden under layers of other software.

The top U.S. cybersecurity defense official, Jen Easterly, deemed the flaw "one of the most serious I've seen in my entire career, if not the most serious" in a call Monday with state and local officials and partners in the private sector. Publicly disclosed last Thursday, it's catnip for cybercriminals and digital spies because it allows easy, password-free entry.

Chief Information Security Officer for Armis, Curtis Simpson, a Palo Alto-based cybersecurity management platform joined ABC7's "Getting Answers" to explain what we need to know about Log4j and how it's opened up a huge security threat to us all.

Watch the full interview in the media player above.

The Associated Press contributed to this article.

Copyright © 2024 KGO-TV. All Rights Reserved.