News Microsoft has warned of an increase in the number of cyber attacks using web shells

Jaysu

Cybercriminals often use web shells to maintain persistence in compromised networks.

Microsoft has warned of an increase in the number of cyber attacks using web shells. Compared to last year, the average monthly number of malicious web shells detected on compromised servers has doubled.

"As the latest data from Microsoft 365 Defender shows, this trend has not only continued, but also intensified: every month from August 2020 to January 2021, we recorded an average of 140 thousand detections of these threats on servers," Microsoft said.

Last year's Microsoft Defender Advanced Threat Protection (ATP) report, based on data collected from 46 thousand individual devices, put the average number of web shells detected on hacked servers at 77 thousand per month.

Microsoft attributes the growth in web shell attacks to the fact that web shells are very easy to use and effective. A web shell is usually a small piece of malicious code written in a typical web development language (for example, ASP, PHP, JSP). Cybercriminals plant web shells on web servers, giving themselves remote access to those servers for further code execution.

Web shells allow attackers to run commands on servers to steal data, or to use the server as a launching pad for other actions, such as lateral movement, deploying additional payloads, or hands-on-keyboard activity.

Attackers install web shells on servers by exploiting vulnerabilities in web applications and Internet-connected servers. To find vulnerable installations, they scan the Internet using publicly available tools, such as shodan.io. Often, attackers exploit vulnerabilities that the vendor has already fixed but whose patches, unfortunately, system administrators have not applied.

Once installed on the server, web shells serve as one of the most effective means of maintaining persistence in attacked corporate networks.

"We often see cases where web shells are used exclusively as a mechanism for maintaining persistence. Web shells provide a backdoor in a compromised network, because after gaining initial access to the server, the attacker leaves a malicious implant on it. If it is not detected, web shells allow the attacker to continue collecting data and monetizing the networks they have access to," according to Microsoft.
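
Because a web shell exists to run commands through the web server, defenders can look for web server processes that launch command interpreters or write new server-side script files. The Python below is an added example, not part of the original post or of Microsoft's tooling; the event schema, the process-name lists and the sample events are assumptions constructed for illustration.

```python
import ntpath  # splits on both "\" and "/", so Windows and Linux paths work
# Assumed process names; tune to the servers actually deployed.
WEB_WORKERS = {"w3wp.exe", "httpd", "httpd.exe", "apache2", "nginx",
               "nginx.exe", "php-fpm", "php-cgi.exe", "tomcat9.exe"}
# Interpreters and discovery tools a web worker rarely has reason to launch.
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "sh", "bash",
                    "whoami", "whoami.exe", "net.exe", "ipconfig.exe"}
# Server-side script types named in the article (plus .aspx for ASP.NET).
SCRIPT_EXTS = (".asp", ".aspx", ".php", ".jsp")

# Constructed sample telemetry (hypothetical schema): "actor" is the process
# performing the action, "target" the child image or the file it wrote.
SAMPLE_EVENTS = [
    {"host": "web01", "type": "process_create",
     "actor": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "target": r"C:\Windows\System32\cmd.exe"},
    {"host": "web01", "type": "process_create",
     "actor": r"C:\Windows\System32\services.exe",
     "target": r"C:\Windows\System32\cmd.exe"},
    {"host": "web02", "type": "file_create",
     "actor": "/usr/sbin/php-fpm",
     "target": "/var/www/html/uploads/img.php"},
    {"host": "web02", "type": "file_create",
     "actor": "/usr/sbin/php-fpm",
     "target": "/var/www/html/cache/page.html"},
    {"host": "web03", "type": "process_create",
     "actor": r"C:\Windows\System32\inetsrv\W3WP.EXE",
     "target": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

def triage(event):
    """Return a finding string for one event, or None if nothing stands out."""
    actor = ntpath.basename(event["actor"]).lower()
    if actor not in WEB_WORKERS:
        return None
    leaf = ntpath.basename(event["target"]).lower()
    if event["type"] == "process_create" and leaf in SUSPECT_CHILDREN:
        return f"{event['host']}: {actor} spawned {leaf}"
    # Legitimate uploads or CMS updates can trigger this; review, don't auto-block.
    if event["type"] == "file_create" and leaf.endswith(SCRIPT_EXTS):
        return f"{event['host']}: {actor} wrote script {event['target']}"
    return None

def hunt(events):
    """Triage every event and keep only the findings, in input order."""
    return [finding for finding in map(triage, events) if finding]

if __name__ == "__main__":
    print("\n".join(hunt(SAMPLE_EVENTS)))
```

Exact process-name matching misses versioned binaries, so the worker list needs to reflect what each server actually runs.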
 