Do you know whether your company uses software vulnerable to Log4Shell?

With hundreds of thousands of attack attempts detected and blocked by ESET systems alone, there is no time to lose. It is probably only a matter of time before attacks exploiting the Log4Shell vulnerability intensify.

Business leaders may know the budget they have approved for their company's IT department, but they often don't know whether their company's IT systems have been updated or patched.

Things change, of course, when a breaking news story emerges about another company that has suffered a cyberattack or a data breach due to a vulnerability in the software it was using. Reading such news, business leaders should ask themselves: "Could my company be using this software? And, if so, have we taken the necessary measures to protect ourselves?"

One such case is the Log4Shell vulnerability that recently monopolized the international media. To begin with, this vulnerability concerns a piece of code, the Apache Log4j 2 library, that is used globally and could easily exist in the software used by your company, even without the knowledge of IT staff.

In that sense, it's almost like any other vulnerability that information security teams typically deal with. In addition, exploiting the vulnerability in this code is rather simple for cybercriminals and therefore dangerous for your business.

Sitting behind their computer screen somewhere far away (or probably not so far away) and armed with little knowledge of the Java programming language, cybercriminals can scan the internet and send malicious packets to compromise some of your systems that are exposed to the Internet and running a vulnerable version of this code library.

If your system is infected with such a malicious packet, the game may be almost over, because the attacker has now instructed one of your systems to try to contact a website and download malware that could take complete control of this system.

In the same way, a cybercriminal already on your network could just as easily move to other systems, using the same tactics.
So far, ESET detection systems have seen attackers try to deliver malware such as coin miners, the Tsunami and Mirai trojans, as well as the Meterpreter penetration testing tool. It may be a matter of time before attacks intensify and advanced threat actors target the vulnerability en masse.

The Log4Shell vulnerability provoked reactions internationally, with companies fully checking all software they use and/or develop for the presence of vulnerable versions of the Log4j 2 library. With hundreds of thousands of attack attempts detected and blocked by ESET systems alone, there is no time to lose.

Business leaders should speak with their company's IT staff to ensure that a full search of all software components from A to Z is conducted, with a list of priorities.

Many software development companies have already checked their own software and have published advice for customers about whether they are affected and, if so, what steps customers should take. Your company's IT team should seek this advice immediately.

It is important that once vulnerable versions of the Log4j library are found, IT teams update to the latest version of the library, which is currently 2.16.0. IT managers can follow the tips provided here.
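As an added illustration of the search described above (this is not code from the article or from ESET), the following Python sketch walks a directory tree, opens every JAR/WAR/EAR including nested ones, and flags each copy of log4j-core older than the 2.16.0 release named above. It assumes the library still carries its Maven `pom.properties` metadata; the function names and the 2.14.1 sample archive are constructed for the example.

```python
import io
import os
import re
import zipfile

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 16, 0)  # the release the article names as current
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(text):
    """Numeric version tuple from a pom.properties body, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, label, depth=0):
    """Yield (label, version, needs_update) for each log4j-core copy found."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for name in zf.namelist():
            if name.endswith(POM):
                ver = parse_version(zf.read(name).decode("utf-8", "replace"))
                if ver:
                    yield label, ver, ver < FIXED
            elif name.lower().endswith(ARCHIVES) and depth < 5:
                # WAR files and fat jars bundle libraries as nested archives.
                yield from scan_archive(zf.read(name), f"{label}!{name}", depth + 1)

def scan_tree(root):
    """Walk a directory and report every log4j-core copy, nested ones included."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for f in sorted(f for f in files if f.lower().endswith(ARCHIVES)):
            path = os.path.join(dirpath, f)
            with open(path, "rb") as fh:
                hits.extend(scan_archive(fh.read(), path))
    return hits

def make_jar(name, body):
    """Constructed sample input: in-memory archive holding one entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample: a WAR bundling log4j-core 2.14.1 as a nested jar.
SAMPLE_WAR = make_jar("WEB-INF/lib/log4j-core-2.14.1.jar",
                      make_jar(POM, b"artifactId=log4j-core\nversion=2.14.1\n"))
```

Calling `scan_tree` on an application directory returns one tuple per copy found. Repackaged builds that strip the Maven metadata are not reported by this sketch, so an empty result does not prove the library is absent.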

iGuRu.gr The Best Technology Site in Greece


Written by newsbot
