Security News > 2021 > February > Microsoft warns of an increasing number of web shell attacks
Microsoft says that the number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month.
They can be deployed in a large variety of forms, from app plugins and PHP or ASP code snippets injected within web apps to programs designed to provide web shell features and Perl, Python, Ruby, and Unix shell scripts.
In comparison, the Microsoft Defender Advanced Threat Protection team said in a report published last year that it was detecting an average of 77,000 web shells each month, based on data collected from roughly 46,000 distinct devices.
Microsoft also provided some tips on how to harden servers against attacks attempting to download and install a web shell.
Identify and remediate vulnerabilities or misconfigurations in web applications and web servers.
The U.S. National Security Agency also warned of threat actors escalating their attacks on vulnerable web servers to deploy web shell backdoors in a joint report issued with the Australian Signals Directorate in April 2020.
News URL
Related news
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- SolarWinds Web Help Desk flaw is now exploited in attacks (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)