Australian Websites For Sale On The Dark Web
ASX-listed firms and financial services organizations are among the hundreds of Australian websites for sale on the dark web. More than 40,000 compromised websites are available for purchase on MagBo, a dark web portal where hackers can trade in hacked websites.
Access to compromised websites is through web shell malware. In April, the Australian Signals Directorate issued a cybersecurity update on the increasing web shell malware threat.
The warning, issued jointly with the US National Security Agency, stated that attackers create web shells by adding or modifying a web application file. Through these web shells, attackers gain access to websites while their activity is disguised as legitimate traffic.
What steps can your business implement to prevent hacking?
What Are The Threats Posed By Web Shell Malware To A Business?
Web shell malware is a significant threat to businesses because it circumvents various security tools in place. The malicious code is written in programming languages such as JSP and others commonly used in web development. IT teams may find it challenging to identify the attacks, as hackers often use obfuscation and encryption to conceal the web shell.
Some of the threats include:
- Spam and Phishing Emails: Speaking to the Australian Financial Review, Elad Ezrahi of KELA, an Israeli intelligence company, said that the web shell allows the attacker to use the compromised website’s mail server to send phishing emails and spam.
- Extensive Attack: The web shells can also be part of a much more comprehensive intrusion campaign through access to the vulnerable network.
Who Is At Risk Of A Web Shell Malware Attack?
According to the officials, web shell malware executes arbitrary system commands sent over HTTPS by the hacker and can appear like regular traffic. It has been a threat for some time and “…evades detection from most security tools,” they added.
Officials noted that it’s a common misconception that web shells only target internet-facing servers. Because most businesses have permissive security requirements or lagging patch management, they are quite susceptible to web shell malware attacks.
Hackers can launch the malicious code on:
- Network device management interfaces
- Internal content management systems and other internal web applications
The Steps That A Business Can Take To Mitigate Cyber Security Threats
NSA and ASD recommendations include a defense-in-depth approach to prevent and uncover malware. Businesses must prioritise detecting and mitigating web shells on both internal web servers and internet-facing servers.
However, multiple detection capabilities can mistakenly flag benign files. Some of the recommendations to mitigate web shells and other cybersecurity threats include:
- Use of system management software with secure communication channels, enterprise authentication methods, and security hardening.
- Use of detection techniques such as signature-based detection, web traffic anomaly detection, “known good” comparison, and endpoint detection and response capabilities. Identify unexpected network flows, recurring off-peak access times, and other network traffic indicators.
- Prioritising web application updates to remove any vulnerability, as hackers may target it within 24 hours of patch release.
- Patching outdated software in the shortest time possible, scheduling frequent updates, and enabling automatic updates. Manual updates should be regular if automatic updates are not available.
- For web applications, organisations should practise least-privilege security. Web applications should not have permission to modify web-accessible code or directly write to a web-accessible directory. According to the guidance, attackers cannot successfully upload malicious code if access to the web-accessible folder is blocked.
- Configuration changes may be necessary to preserve functionality where there is no direct access to the web-accessible directory. Configure uploads to be saved to a non-web-accessible area. Discuss the changes with the web application vendor or consult the documentation before implementing the web-accessible directory mitigation.
- File integrity monitoring is another alternative to blocking file modifications to the web-accessible directory. The file integrity software can allow specific file changes, block others, and alert the administrator to any changes.
- Consider implementing Web Application Firewalls (WAF), Intrusion Prevention Systems (IPS), and Open Web Application Security Project to prevent malicious uploads.
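The “known good” comparison and file integrity monitoring items above, shown as an added Python example (not code from the NSA/ASD guidance or from this article). The function names, file names, and sample web root are constructed for illustration; in practice the baseline manifest would come from a trusted deployment and be stored where the web application cannot write to it.

```python
import hashlib
import os
import tempfile

def build_manifest(web_root):
    """Map each file path (relative to web_root) to its SHA-256 digest.
    Content is hashed because file timestamps can be altered."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, web_root)] = digest
    return manifest

def compare_to_known_good(known_good, web_root):
    """Return files added, removed or modified relative to the baseline."""
    current = build_manifest(web_root)
    return {
        "added": sorted(set(current) - set(known_good)),
        "removed": sorted(set(known_good) - set(current)),
        "modified": sorted(p for p in current
                           if p in known_good and current[p] != known_good[p]),
    }

def demo():
    """Constructed sample: a tiny web root is baselined, then changed."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        for rel, body in (("index.php", b"<?php echo 'home'; ?>"),
                          ("login.php", b"<?php echo 'login'; ?>")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        baseline = build_manifest(root)  # stands in for the known-good copy
        # Simulated unauthorised changes (contents are inert placeholders).
        with open(os.path.join(root, "uploads", "img.php"), "wb") as fh:
            fh.write(b"placeholder: unexpected script in upload directory")
        with open(os.path.join(root, "login.php"), "ab") as fh:
            fh.write(b"\n<!-- placeholder: appended content -->")
        return compare_to_known_good(baseline, root)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Any entry under "added" or "modified" that does not match a planned deployment is a candidate for review, and a script appearing in an upload directory is the case the least-privilege items above are meant to prevent.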
What To Do Next After Discovering A Web Shell Malware
Hardening of web servers and network segmentation are other recommended mitigations for compromises and web shells. If the IT team discovers a web shell, it should use network flow data and packet capture (PCAP) to determine any further penetration into the network.
According to NSA and ASD, these tools will help determine the extent and location of the proliferation to effectively evict the intruder and prevent attackers from regaining access later on.
How Managed IT Services Can Help A Business Improve Its Security And Efficiency
Managed IT services in Australia have a wide variety of cybersecurity and financial benefits for businesses. It is not easy for companies to keep up with the fast-changing technology and invest in the latest applications, network capacity, and hardware. It can prove a bottomless pit for any organisation.
Emerging threats such as web shell malware are not easy to prevent or keep up with, and they can bring the business to a halt. While the company can implement Open Web Application Security Project (OWASP) to safeguard against malicious uploads, attackers can find ways to avoid detection. OWASP is only part of the defensive strategy.
According to NSA and ASD, Web Application Firewalls and Intrusion Prevention Systems may not identify web shell traffic. Rather than using the same solution across all web servers, customise security devices to individual web applications. For example, an appliance protecting a content management system should be configured with application-specific rules against targeted weaknesses.
Managed IT Services have the resources and expertise to maximise protection for the business. They have a wide variety of security tools for real-time mitigations for evolving threats.
Here are the benefits of managed IT Services:
- Virtual private networks for those working at home
- Endpoint Device Security
- Wireless Data Encryption
- Around-the-clock threat monitoring and response
- Cybersecurity awareness and training
- Disaster recovery strategies and continuity
- Antivirus software, Web Application Firewalls (WAF), Intrusion Prevention Systems (IPS)
Improve Cybersecurity Through Managed IT Services
The MagBo dark web platform seems to be here to stay, according to threat intelligence company KELA. The firm recommends that Aussie businesses protect their networks from web shell attacks, and a managed cybersecurity solutions provider can help.
Steadfast Solutions provides IT services in Melbourne, Brisbane, and throughout Australia. We have experience and expertise in cybersecurity, and our cost-beneficial managed IT services offer advanced security and solutions. Businesses can avoid the prohibitive costs of hiring specialists, hardware, and software. Contact Steadfast Solutions and schedule a consultation.