New Log4j Flaw Caps Year of Relentless Cybersecurity Crises

‘Exhausted’ network defenders say technological dependency creates new vulnerabilities. From a report: Cyberattacks on major technology providers and the interconnected world of software and hardware that power the global economy continued at a relentless pace in 2021, according to U.S. officials and security experts. Instead of one company being victimized at a time like in a traditional data breach, thousands were often exposed simultaneously. Businesses, hospitals and schools also worked to defend themselves against an onslaught of ransomware attacks, which increasingly reap $10 million or more in extortion payments. The annus horribilis culminated this month with discovery of a flaw in an obscure but widely used internet code known as Log4j, which one senior Biden administration official said was the worst she had seen in her career. The latest vulnerability comes as U.S. officials warn corporate leaders of a potential surge of cyberattacks while businesses slow their operations during the holiday season.

The string of incidents highlights how decades of digital transformation have linked business and government computer systems in opaque and sometimes surprising ways that will create new vulnerabilities. Major disruptions are certain to continue, cybersecurity officials said. “Network defenders are exhausted,” said Joe Slowik, threat-intelligence lead at the security firm Gigamon. New attention and investment in cybersecurity hasn’t improved the status quo, he said. “Money is flowing into the field, but largely on technical solutions while the core need — more capable people — remains hard to address.”