ASX-listed firms and financial services organizations are among the hundreds of Australian websites for sale on the dark web. More than 40,000 compromised websites are available for purchase on MagBo, a dark web portal where hackers can trade in hacked websites.
Access to compromised websites is through web shell malware. In April, the Australian Signals Directorate issued a cybersecurity update on the increasing web shell malware threat.
The warning, issued jointly with the US National Security Agency, stated that the attack works by adding or modifying a web application file to create a web shell. Through these web shells attackers gain access to websites, with their activity disguised as legitimate traffic.
What steps can your business implement to prevent hacking?
Web shell malware is a significant threat to businesses because it successfully circumvents various security tools in place. The malicious code is written in programming languages commonly used in web development, such as JSP. IT teams may find the attacks challenging to identify, because hackers often use obfuscation and encryption to conceal the web shell.
Some of the threats include.
According to the officials, web shell malware executes arbitrary system commands sent over HTTPS by the hacker and can appear like regular traffic. It has been a threat for some time and “…evades detection from most security tools,” they added.
Officials noted that it’s a common misconception that web shells only target internet-facing servers. Because most businesses have permissive security requirements or lagging patch management, they are quite susceptible to web shell malware attacks.
Hackers can launch the malicious code on:
NSA and ASD recommendations include a defense-in-depth approach to prevent and uncover malware. Businesses must prioritise defending against web shells on both internal and internet-facing web servers.
However, multiple detection capabilities can mistakenly flag benign files. Some of the recommendations to mitigate web shells and other cybersecurity threats include.
Hardening of web servers and network segmentation are other recommended mitigations for compromises and web shells. If the IT teams discover a web shell, they should use network flow data and packet capture (PCAP) to determine whether the attacker has penetrated further into the network.
According to NSA and ASD, these tools will help determine the extent and location of the proliferation to effectively evict the intruder and prevent attackers from regaining access later on.
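Because a web shell is created by adding or modifying a web application file, one way to uncover it is to compare the live web root against a known-good copy of the deployment. The following is an added example, not code from this page or from the NSA/ASD advisory; the function names, the `SCRIPT_EXT` set and the `uploads/` directory are assumptions chosen for illustration.

```python
import hashlib
from pathlib import Path

# Assumed set of server-executable extensions; adjust to the stack in use.
SCRIPT_EXT = {".jsp", ".jspx", ".php", ".asp", ".aspx"}


def build_manifest(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()
    }


def compare_to_known_good(known_good, live, volatile=()):
    """Diff a live manifest against the known-good one taken at deploy time.

    volatile: directory prefixes (assumed, e.g. "uploads/") where new data files
    are expected. New non-script files there go to "review" so benign changes
    are triaged separately; a new script there is still reported as "added".
    """
    report = {"added": [], "modified": [], "removed": [], "review": []}
    for rel, digest in live.items():
        if rel not in known_good:
            expected = (rel.startswith(tuple(volatile))
                        and Path(rel).suffix.lower() not in SCRIPT_EXT)
            report["review" if expected else "added"].append(rel)
        elif known_good[rel] != digest:
            report["modified"].append(rel)
    report["removed"] = [rel for rel in known_good if rel not in live]
    return {kind: sorted(paths) for kind, paths in report.items()}


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:   # constructed sample web root
        web = Path(tmp)
        (web / "uploads").mkdir()
        (web / "login.jsp").write_text("<html>login</html>")
        baseline = build_manifest(web)           # taken at deploy time
        (web / "login.jsp").write_text("<html>login</html><!-- edited -->")
        (web / "help.jsp").write_text("placeholder: file not in the deployment")
        (web / "uploads" / "photo.png").write_bytes(b"constructed image bytes")
        print(compare_to_known_good(baseline, build_manifest(web), ("uploads/",)))
```

Store the known-good manifest off the web server, since an intruder with write access to the web root could otherwise alter the baseline as well.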
Managed IT services in Australia have a wide variety of cybersecurity and financial benefits for businesses. It is not easy for companies to keep up with the fast-changing technology and invest in the latest applications, network capacity, and hardware. It can prove a bottomless pit for any organisation.
Emerging threats such as web shell malware are not easy to prevent or keep up with, and they can bring the business to a halt. While the company can implement OWASP (Open Web Application Security Project) practices to safeguard against malicious uploads, attackers can find ways to avoid detection. OWASP is only part of the defensive strategy.
According to NSA and ASD, Web Application Firewalls and Intrusion Prevention Systems may not identify web shell traffic. Rather than using the same solution across all web servers, customize security devices to individual web applications. For example, appliances protecting content management systems should be configured with application-specific rules against targeted weaknesses.
Managed IT Services have the resources and expertise to maximise protection for the business. They have a wide variety of security tools for real-time mitigations for evolving threats.
Here are the benefits of managed IT Services:
The MagBo dark web platform seems to be here to stay, according to threat intelligence company KELA. The firm recommends that Aussie businesses protect their networks from web shell attacks, and a managed cybersecurity solutions provider can help.
Steadfast Solutions provides IT services in Melbourne, Brisbane, and throughout Australia. We have experience and expertise in cybersecurity, and our cost-beneficial managed IT services offer advanced security and solutions. Businesses can avoid the prohibitive costs of hiring specialists, hardware, and software. Contact Steadfast Solutions and schedule a consultation.