Cyber Security: NSA and ASD declare war on web shell malware. The two agencies jointly issued a CSI to mitigate the risks of this threat
The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have declared war on web shell malware. The two agencies jointly released a Cyber Security Information Sheet (CSI) to mitigate the risks of this threat. Cybercriminals and malicious threat actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system commands. By deploying it, they can gain persistent access to compromised networks. The CSI provides techniques to detect malicious web shells and recommendations to prevent them. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CSI and NSA’s article, Detect & Prevent Cyber Attackers from Exploiting Web Servers via Web Shell Malware, for more information and to apply the recommended mitigations.
Not only internet-facing systems are targeted by cybercriminals and threat actors with web shells. Attackers frequently deploy them on non-internet-facing web servers
According to the cyber security experts, it is a common misperception that only internet-facing systems are targeted by cybercriminals and threat actors with web shells. Attackers frequently deploy web shells on non-internet-facing web servers, such as internal content management systems or network device management interfaces. Internal web applications are often more susceptible to compromise due to lagging patch management or permissive security requirements. Moreover, though the term “web shells” is predominantly associated with malware, it can also refer to web-based system management tools used legitimately by administrators. The problem is that these benign web shells may also pose a danger to organizations, as weaknesses in these tools can result in system compromise.