1. https://appdevelopermagazine.com/security
  2. https://appdevelopermagazine.com/microsoft-dart-team-tracks-77k-active-web-shells/
2/6/2020 10:16:28 AM
Microsoft DART team tracks 77k active web shells
Microsoft,Web Shells,Security
https://news-cdn.moonbeam.co/Microsoft-DART-team-tracks-77k-active-web-shells-App-Developer-Magazine_3yzoacjc.jpg
App Developer Magazine
Microsoft DART team tracks 77k active web shells

Security

Microsoft DART team tracks 77k active web shells


Thursday, February 6, 2020

Brittany Hainzinger Brittany Hainzinger

In a blog post promoting the capabilities of its commercial security platform, Microsoft said that on a daily basis the company's security team detects and tracks on average around 77,000 active web shells, spread across 46,000 infected servers.

In a blog post promoting the capabilities of its commercial security platform, Microsoft said that on a daily basis the company's security team detects and tracks on average around 77,000 active web shells, spread across 46,000 infected servers.

According to ZDNet, these numbers are staggering, since the 77,000 figure is far larger than any previous reports about web shell prevalence. For example, earlier this month GoDaddy's Sucuri reported on cleaning around 3,600 web shells from hacked websites during 2019, a number dwarfed by Microsoft's daily detection count.

A web-shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application.

According to ZDNet, these numbers are staggering, since the 77,000 figure is far larger than any previous reports about web shell prevalence. For example, earlier this month GoDaddy's Sucuri reported on cleaning around 3,600 web shells from hacked websites during 2019, a number dwarfed by Microsoft's daily detection count.

Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb, Master of Legal Studies (WASHU) & MS Criminal Justice and Cybercrime Investigation (BU), comments: 

"Web shells have existed for over a decade already. Today, many cyber gangs automate intrusion and web shell installation on vulnerable websites. Often, they harvest successfully deployed web shells in a few days or even weeks after launching the attack. Unless some obfuscation of code is used, a web shell can be easily located by various security software."

"Usually, once a web shell is uploaded, it is fairly simple to root the server by exploiting unpatched vulnerabilities or its insecure configuration. Detection of web shells is a fairly routine operation, moreover, such attacks are usually attributable to junior hackers unskilled or careless enough to upload a web shell without obfuscation and proper removal after backdooring the server." 


Subscribe to App Developer Magazine

Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.

MEMBERS GET ACCESS TO

  • - Exclusive content from leaders in the industry
  • - Q&A articles from industry leaders
  • - Tips and tricks from the most successful developers weekly
  • - Monthly issues, including all 90+ back-issues since 2012
  • - Event discounts and early-bird signups
  • - Gain insight from top achievers in the app store
  • - Learn what tools to use, what SDK's to use, and more

    Subscribe here