Do you know if your company uses software affected by Log4Shell?

With hundreds of thousands of attack attempts detected and blocked by ESET systems alone, there is no time to lose. It is probably only a matter of time before attacks exploiting the Log4Shell vulnerability intensify.

Business leaders may be aware of the budget they have approved for their IT department, but they often do not know whether their company's IT systems have been updated or whether vulnerabilities have been fixed.

Things change, of course, when a breaking news story emerges about another company that has suffered a cyberattack or a data breach due to a vulnerability in the software it was using. Reading such news, business leaders should ask themselves: "Could my company be using this software? And, if so, have we taken the necessary measures to protect ourselves?"

One such case is the Log4Shell vulnerability that recently dominated the international media. To begin with, this vulnerability concerns a piece of code, the Apache Log4j 2 library, that is used globally and could easily exist in the software used by your company, even without the knowledge of IT staff.

In that sense, it is unlike almost any other vulnerability that IT teams typically deal with. Furthermore, exploiting the weakness in this code is rather simple for cybercriminals and thus dangerous for your business.

Sitting behind their computer screen somewhere far away (or possibly not so far away) and armed with a little knowledge of the Java programming language, cybercriminals can scan the Internet and send malicious packets to compromise any of your systems that are exposed to the Internet and running a vulnerable version of this code library.

If one of your systems is hit by such a malicious packet, the game may be almost over, because the attacker has now instructed that system to contact a website and download malware that could take complete control of it.

In the same way, a cybercriminal already on your network could just as easily move to other systems, using the same tactics.
So far, ESET's detection systems have seen attackers trying to deliver malware such as coin miners, the Tsunami and Mirai trojans, and the Meterpreter penetration testing tool. It may be only a matter of time before attacks intensify and advanced threat actors target the vulnerability en masse.

The Log4Shell vulnerability has provoked an international response, with companies carrying out a full audit of all the software they use and/or develop for the presence of vulnerable versions of the Log4j 2 library. With hundreds of thousands of attack attempts detected and blocked by ESET's systems alone, there is no time to waste.

Business leaders need to talk to their company's IT staff to make sure that a full search of all software assets, from A to Z, is carried out, based on a list of priorities.

Many software developers have already checked their products and published advisories for customers on whether they are affected and, if so, what action customers should take. Your company's IT team should look for these advisories immediately.

It is important that once vulnerable versions of the Log4j library are found, IT teams update to the latest version of the library, which is currently 2.16.0. IT managers can follow the tips provided here.


Written by newsbot
