Microsoft reveals huge growth in web shell attacks

The number of malicious web shells installed on web servers increased significantly last year and between August and January of 2021, Micro...

The number of malicious web shells installed on web servers increased significantly last year and between August and January of 2021, Microsoft registered an average of 140,000 encounters of these threats each month.

One of the main reasons web shells have grown in popularity among cybercriminals is due to how simple and effective they can be. For those unfamiliar, a web shell is usually a small piece of malicious code written in web development programming languages such as ASP, PHP and JSP.

Attackers then implant these web shells on servers to provide remote access and code execution to server functions. Using a web shell, an attacker can run commands on a compromised server to steal data or use it as a launch pad for theft, lateral movement, to deploy additional payloads or for hands-on-keyboard activity while persisting inside a targeted organization's network.

According to the latest Microsoft 365 Defender data, the monthly average of web shell encounters almost doubled in 2020 when compared to the 77,000 monthly average observed by the software giant in 2019.

Detecting web shells

Within each of the programming languages used to create web shells, there are several means of executing arbitrary commands as well as multiple means for arbitrary attacker input. Attackers can also hide instructions in the user agent string or any of the parameters that get passed along during a web server/client exchange.

What makes detecting web shells particularly difficult is the fact the context of their content is not clear until after the shell is used. Another challenge when detecting web shells is uncovering the intent of the attackers who created them as even a script that seems harmless can be malicious depending on intent.

Attackers also upload arbitrary input files into a server's web directory and from there upload a full-featured web shell that allows arbitrary code execution. These file-upload web shells are simple, lightweight and often overlooked because they cannot execute commands on their own. Instead, they're used to upload files such as full-featured web shells onto an organization's web servers.

Some attackers have also been known to hide their web shells in non-executable file formats such as media files. These media files are harmless when opened on a computer but when a web browser asks a server for this file, malicious code is then executed on the server side.

To prevent falling victim to web shell attacks, Microsoft recommends that organizations patch their public-facing systems, extend antivirus protection to their web servers and audit and review logs from their web servers frequently.

Via ZDNet

from TechRadar - All the latest technology news https://ift.tt/2LROJE4



Apps,3855,Business,147,Camera,1154,Earn $$$,1,Gadgets,1739,Games,924,Innovations,1,Mobile,1695,Paid Promotions,2,Promotions,2,Technology,7933,Trailers,795,Travel,36,Trendly News,17346,Video,4,XIAOMI,12,
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Microsoft reveals huge growth in web shell attacks
Microsoft reveals huge growth in web shell attacks
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy