Cybersecurity experts debate concern over potential Log4j worm

As the fallout from the Log4j vulnerability continues, cybersecurity experts are debating what the future might hold. 

Tom Kellermann, VMware’s head of cybersecurity strategy, said the Log4j vulnerability is one of the worst vulnerabilities he has seen in his career — and one of the most significant vulnerabilities ever to be exposed.

Log4j, a Java library for logging error messages in applications, was developed by the Apache Software Foundation. Kellermann called Apache “one of the giant supports of the bridge between the world’s applications and compute environments,” adding that the exploitation of Log4j will “destabilize that support and… destabilize the digital infrastructure that’s been built on top of it.” 

But his greatest concern is that someone further weaponizes the vulnerability by creating a worm, which Kellermann described as a polymorphic type of malware that can essentially spread on its own. 

“One of the most significant [worms] from back in the early 2000s was Code Red,” Kellermann told ZDNet. “We haven’t seen a widespread global impact like that since then. If this vulnerability were to be weaponized by one of the cyber communities — whether it be intelligence services, one of the four major rogue powers in cyber,

Read More: https://www.zdnet.com/article/log4shell-cybersecurity-experts-debate-concern-over-potential-log4j-worm/#ftag=RSSbaffb68