Security News > 2021 > February > Microsoft warns of an increasing number of web shell attacks
Microsoft says that the number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month.
They can be deployed in a large variety of forms, from app plugins and PHP or ASP code snippets injected within web apps to programs designed to provide web shell features and Perl, Python, Ruby, and Unix shell scripts.
In comparison, the Microsoft Defender Advanced Threat Protection team said in a report published last year that it was detecting an average of 77,000 web shells each month, based on data collected from roughly 46,000 distinct devices.
Microsoft also provided some tips on how to harden servers against attacks attempting to download and install a web shell.
Identify and remediate vulnerabilities or misconfigurations in web applications and web servers.
The U.S. National Security Agency also warned of threat actors escalating their attacks on vulnerable web servers to deploy web shell backdoors in a joint report issued with the Australian Signals Directorate in April 2020.
News URL
Related news
- Microsoft fixes 6 zero-days under active attack (source)
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack (source)
- Companies mentioned on the dark web at higher risk for cyber attacks (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)