Thursday, 12 November 2015

US Warns Of 'Cyber Incidents' By Webshells

The Computer Emergency Readiness Team of the US Government (US-CERT) organizations warned of "cyber incident" caused by webshells. A Webshell is a script that sets an attacker on a Web server, so that he can control the machine remotely.

Through the infected Web server can then be attempted to attack systems on the internal network of an organization. Using webshells by Advanced Persistent Threat (APT) and criminal groups has led to major cyber incidents, according to the US-CERT. Webshells can be written in different languages, such as PHP and ASP. Perl, Ruby, Python and Unix shell scripts are also used.

To install the Webshell an attacker must first find already existing vulnerabilities, such as the content management system (CMS) or the Web server software. Once the Webshell is uploaded it can be used for various purposes, such as to steal login credentials, install additional malware, as a communication channel to control systems on internal networks which are not connected to the Internet and as a command and control infrastructure, for instance in the shape of a botnet.

To avoid installing a Webshell advises the US-CERT to keep applications and operating system up-to-date, use reduced duties on the Web server, a demilitarized zone (DMZ) between applying the corporate network and online systems, a reverse proxy to use, scanning systems and applications for vulnerabilities and validating user input.

No comments:

Post a Comment