The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly released a Cybersecurity Information Sheet (CSI) on mitigating web shell malware. Malicious cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system commands. By deploying web shell malware, cyber attackers can gain persistent access to compromised networks. The CSI provides techniques to detect—and recommendations to prevent—malicious web shells.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CSI and NSA’s article, Detect & Prevent Cyber Attackers from Exploiting Web Servers via Web Shell Malware, for more information and to apply the recommended mitigations.