Network security: NSA offers advice on tackling web shell malware
Friday, April 24, 2020
The figures were something of a wake-up call to the industry, which had previously thought the prevalence of malicious web shells was far lower.
Ilia Kolochenko, founder and chief exec of web security company ImmuniWeb, said that many cyber gangs automate intrusion and web shell installation on vulnerable websites.
“Often, they [attackers] harvest successfully deployed web shells in a few days or even weeks after launching the attack,” Kolochenko explained.
“Unless some obfuscation of code is used, a web shell can be easily located by various security software.
“Usually, once a web shell is uploaded, it is fairly simple to root the server by exploiting unpatched vulnerabilities or its insecure configuration. Detection of web shells is a fairly routine operation.
“Moreover, such attacks are usually attributable to junior hackers [who are] unskilled or careless enough to upload a web shell without obfuscation and proper removal after backdooring the server,” he added.