Experts have called it the biggest software vulnerability of all time in terms of services, sites and devices that were exposed, but to many people, the Log4J vulnerability has flown under the radar, or they might have missed it. This includes veterinary practices that have an online presence, use cloud services, or other pieces of software written in Java.
The vulnerability was discovered on December 09, 2021, in one of the most popular pieces of code, Log4J, that helps software applications to keep track of their past activities. The open-source piece of computer code can be found in millions of devices running Java applications, whereby instead of building a logging system while developing software, developers simply use existing code, such as Log4J, to build new software, thereby avoiding reducing the time taken to make a software.
What is Log4J
Well-built systems are able to keep track of their past activities, such as errors and routine system operations. To achieve this, a logging component is used and varies from one programming language to another.
In the Java programming language, that logging system, which is the most popular and with a huge user base, is the Log4J. When used in software, it is able to record events such as errors and routine system operations and then communicate diagnostic messages about the system with administrators and users.
Log4J is open source and provided by the Apache Software Foundation, and according to reports, was running on millions of devices by the time the vulnerability was discovered.
To understand how important Log4J is, consider one of its most common usage on the internet, where, if you click a bad web link that takes you to a page with no content, a 404 error message is displayed. This is a message that the web server tells clients who try to access content on that URL that there is no such a webpage, a work of Log4J script. After making the 404 error message request, Log4J is also tasked with recording the error for the server’s system administrator so that they can be able to quickly detect why such an error was displayed.
Therefore, there is a huge chance that during your browsing, using software or your operating system, you may have already interacted with the Log4J logging code.
Why should veterinary practices be worried?
We will start with some astounding statistics to put it into perspective why chances are your computer systems are already compromised and you don’t know it yet.
More than 10 billion devices worldwide run on Java, and in most java programs, Log4J is the method used to log computer events.
Most cloud services run on Debian, including Ubuntu and red hart, which are among the two most popular operating systems on the cloud. Unfortunately, these operating systems were heavily affected by the recent hacks.
Most veterinary practices use vendor software for their day-to-day IT infrastructure, including cloud services and practice management systems. These vendors run Java products and their systems are likely to have been affected by the Log4J vulnerability.
Most enterprise companies, including Amazon, Oracle, Mcaffee, Juniper Networks, IBM, Cisco and Broadcom, have already been affected by the vulnerability, and chances are, as a veterinary practice, you use at least one of their services.
Most software, including Atlassian, Amazon web servers Operating systems, cPanel, Debian, Ubuntu, Docker, F-secure products, MongoDB, Oracle software and Zoho, have already been affected. These software are used regularly by veterinary practices around the world.
What does the vulnerability do?
Log4J reach is great, and since it runs on millions of devices, hackers have been given an open door, where they can enter into any computer system and execute a malicious code.
Normally, Log4J logs events and keeps track of past events of a computer system. It is also important for system administrators when troubleshooting. Due to its functionality, it is able to go around any type of security measure, and hence, it does not require authorization when carrying out its tasks.
On December 9, a vulnerability was discovered by security researchers from Chinese tech company Alibaba, although some people have indicated that the vulnerability first appeared on a forum dedicated to the game Minecraft. The researchers indicated that Log4J was allowing unauthorized users to log malicious code into a computer system rather than an event.
The researchers found that, rather than the event being logged, the malicious code is executed, and can give access to hackers on every file, folder and software in a computer system. Researchers also found that the code also gave bad actors the ability to take control of servers or computer systems and lock out authorized users on a system with ease.
Log4J vulnerability a future headache for veterinary practices
Chances are you were not even aware that such a monumental cyberattack was underway, and companies were working around the clock to keep the hackers out and come up with patches, and that is where the problem lies.
Most veterinary practices still have no idea that their networks, computer systems and devices are now vulnerable to cyberattacs through the use of Log4J code. Although most companies have patched their systems, and Log4J has alreayd corrected the problem, veterinary practices will still continue using legacy systems and software that contain the easy to compromise Log4J script.
This means that, in months, and years to come, cyberattacks targeted at veterinary practices will be looking at whether your veterinary practice has the Log4J vulnerability, which they will be using to log into your systems.
Want to avoid all these problems? Update your software to the latest patched versions available, consult your cybersecurity experts for guidance and do research on the type of software that were most vulnerable to Log4J vulnerability. Failure to act quickly is a recipe for future disaster, which, unfortunately, will be your fault.