A growing number of IT security experts and government agencies across the world have pointed out that the Log4Shell vulnerability, discovered in Apache's Log4j logger in December, is one of the top attack vectors at the moment. Reports are also coming in from several countries where attackers have used ransomware against victims running products that contain the vulnerability.
Based on the data gathered by the AdvIntel Cyber Defence Center, VMware vCenter servers are the most popular attack point; ransomware is often used to attack VMs (virtual machines). From what is known, VMware, one of the dozens of companies using a vulnerable version of the Log4j API, had more than 40 products potentially compromised during an attack.
The software provider has since released several updates, but a comprehensive patch for vCenter servers has yet to be released.
Log4Shell is an effective way to attack those who use vCenter servers and other network services. You will not be safe until the internet connection is disabled and the system is fully patched.
Cyber security experts indicate that well-known Russian hacking groups have carried out hundreds of attacks on people, leaked their data to the dark web, and demanded exorbitant amounts of money in exchange.
Researchers say that ransomware attacks can be quite profitable since more than 30% of the victims are willing to pay the ransom.
The Log4Shell attack can be carried out in multiple environments, which makes it extremely difficult to defend against.