Web shell malware continues to evade many security tools (April 2020)

Cyber attackers are increasingly leveraging web shell malware to get persistent access to compromised networks, the US National Security Agency and the Australian Signals Directorate warn.
Attackers usually manage to deploy web shells by exploiting web application vulnerabilities or weak server security configuration, or by uploading to otherwise compromised systems.
"In particular, web applications should not have permission to write directly to a web accessible directory or modify web accessible code. Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory," they pointed out.
Organizations should also add defense layers such as Intrusion Prevention Systems and Web Application Firewalls, improve network segregation, and harden web servers.
Finally, the agencies warn, organizations that find a web shell on one or more of their systems should investigate how far the attacker penetrated within the network.
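One way to check the condition the agencies describe in the quote above, as an added example that is not from the advisory or the article: a Python audit that walks a web root and lists every path the web server account could write to, judged by POSIX mode bits only. The function names, the `/var/www/html` path and the `www-data` account are assumptions.

```python
import os
import stat
import sys


def writable_by(st, uid, gids):
    """True if POSIX mode bits let (uid, gids) write to the inode described by st."""
    if uid == 0:
        return True  # root is not restricted by mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_webroot(root, uid, gids=()):
    """Return sorted paths under root that the given account can write to.

    Only classic owner/group/other bits are evaluated; POSIX ACLs and
    mandatory access control policies are outside this check.
    """
    gids = set(gids)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Check the directory itself (new files could be dropped in it)
        # and every file in it (existing code could be modified).
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits carry no meaning
            if writable_by(st, uid, gids):
                findings.append(path)
    return sorted(findings)


if __name__ == "__main__":
    import pwd

    # Assumed defaults; pass the real web root and service account as arguments.
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/www/html"
    account = sys.argv[2] if len(sys.argv) > 2 else "www-data"
    pw = pwd.getpwnam(account)
    groups = os.getgrouplist(account, pw.pw_gid)
    for finding in audit_webroot(root, pw.pw_uid, groups):
        print(finding)
```

An empty result means the account cannot create or modify anything under the web root through ordinary file permissions; any listed path is a place where an uploaded or modified script could persist.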
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/CkSqf7quqnA/