Microsoft said the number of web shells has doubled since last year – ZDNet


Microsoft says the number of malicious web shells installed on web servers has almost doubled since its last count, in August 2020.

In a blog post yesterday, the Redmond company said it detected roughly 140,000 web shells per month between August 2020 and January 2021, up from the 77,000 average it reported last year.

The number has increased as a result of a shift in how hackers view web shells. Once considered a tool for script kiddies defacing websites and the go-to tool of DDoS botnet operators, web shells are now part of the arsenal of ransomware gangs and nation-state hackers alike and are crucial tools used in complex intrusions.

Two of the reasons they have become so popular are their versatility and the access they provide to hacked servers.

Web shells, which are nothing more than simple scripts, can be written in almost any programming language that runs on a web server, such as PHP, ASP, JSP, or JS, and, as such, can be easily hidden inside a website's source code. This makes detecting them a difficult operation, which often involves a manual analysis from a human operator.

In addition, web shells provide hackers with a simple way to execute commands on a hacked server via a graphical or command-line interface, providing attackers with a simple way to escalate attacks.

As the corporate IT space has moved towards hybrid cloud environments, the number of companies running web servers has increased over the past few years, and, in many cases, public-facing servers have direct connections to internal networks.

As Microsoft's stats have shown, attackers appear to have figured out this change in the makeup of corporate IT networks as well, and have amped up their attacks on public-facing systems.

Web shells now play a crucial role in their attacks, providing a way to control the hacked server and then orchestrate a pivot to a target's internal network.

These types of attacks are exactly what the US National Security Agency warned about in April 2020 when it published a list of 25 vulnerabilities that were often used to install web shells.

The NSA report didn't just warn about web shells used on public-facing systems but also about their use inside internal networks, where they're used as proxies to jump to non-public-facing systems.

Microsoft urges companies to re-prioritize their approach to dealing with web shells, which are slowly becoming one of today's biggest security threats. As ways to keep networks secure, the OS maker recommends a few basic actions:
