Security News > 2020 > April > Web shell malware continues to evade many security tools
Cyber attackers are increasingly leveraging web shell malware to get persistent access to compromised networks, the US National Security Agency and the Australian Signals Directorate warn.
Attackers usually manage to deploy web shells by exploiting web application vulnerabilities, weak server security configuration, or by uploading to otherwise compromised systems.
"In particular, web applications should not have permission to write directly to a web accessible directory or modify web accessible code. Attackers are unable to upload a web shell to a vulnerable application if the web server blocks access to the web accessible directory," they pointed out.
Finally, they should add defense layers such as Intrusion Prevention Systems and Web Application Firewalls, and improve network segregation and harden web servers.
Finally, the agencies warn, organizations that find a web shell on one or more of their systems should investigate how far the attacker penetrated within the network.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/CkSqf7quqnA/
Related news
- 5 Must-Have Tools for Effective Dynamic Malware Analysis (source)
- SOC teams are frustrated with their security tools (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Best AI Security Tools: Top Solutions, Features & Comparisons (source)
- AI’s impact on the future of web application security (source)
- Here's what happens if you don't layer network security – or remove unused web shells (source)