The Limited Times


Cybersecurity: scarlet red alert on a "systemic level" computer flaw

2021-12-13T16:27:30.234Z


Revealed on Friday, the Log4Shell vulnerability puts the security of tens of millions of servers in use around the world at risk. Some th


The lights suddenly turned bright red on Friday.

An alert of rare gravity was issued to all web companies after a researcher published a "proof of concept", a demonstration that a cyberattack exploiting a software flaw is feasible.

This critical vulnerability, called "Log4Shell", affects computer servers running Java with Apache's Log4j library.

This software component is basically used to keep track of logs, inputs and outputs, and spot potential bugs.

That is, the vast majority of machines that host websites or operate online services or mobile applications.

This "zero-day" vulnerability, unknown to all, affects in particular the millions of servers operated by companies such as Apple and its iCloud, Amazon or Twitter.

It also affects administrations and associations, which have fewer means to "patch", that is to say to update the software to correct this nightmarish problem.

A giant breach

"In the vulnerability classification, it gets a 10/10 because the risk is systemic," warns Philippe Rondel, cybersecurity expert at Check Point Software. "There are a lot of application servers that contain this software component, so much so that we no longer really know who has it or not," he emphasizes. Almost all software vendors recognized that their solution was vulnerable as it was ...

The first attacks reportedly started at least two weeks ago, according to Cisco and Cloudflare, two companies whose services were particularly affected. The most high-profile one took place on Friday, hours after the alert, when Minecraft players suddenly began attacking Microsoft servers in the hope of gaining an advantage or simply to see them go down.

The cyberattacks took on another dimension this weekend when more seasoned cybercriminals began scanning at random for potentially vulnerable servers. Once a target has been chosen, the attacker can remotely execute malicious code from another server in order to gain control or install malicious software such as a "crypto-miner", which is used to produce virtual currencies, or a botnet-like virus.

"The risk is not limited to web servers, contrary to what one might think, but also to office applications or embedded systems which are often more complex or even impossible to update," the cybersecurity experts at Sekoia write in a note.

"The attack is so simple that it is widely shared and will be quickly reused especially by groups that operate ransomware," points out Philippe Rondel, who predicts "difficult weeks and months for cybersecurity".

Source: leparis
