The Apache Log4j library is a Java-based logging tool that is ubiquitous in enterprise applications. The vulnerability known as Log4Shell, first reported on Dec. 9, allows an attacker to take over a server just by sending a particular code string via an affected application.
Since then, security researchers are reporting a massive wave of attacks.
Check Point alone, for example, reported that it prevented 1.3 million attempts as of Dec. 14, against 44% of all global networks.
And the number of attacks is climbing exponentially, as hackers rush to exploit the vulnerability to steal data, deploy ransomware, install back doors, create botnets, mine cryptocurrencies, and conduct other illegal activities.