When Are Web Shells Dangerous?
Malicious web shells are dangerous not only because they establish back doors into systems, allowing remote attackers to bypass security restrictions and gain unauthorized system access, but also because of how difficult they can be to detect.
A web shell may be a single line of code, for example a script that passes a request parameter straight to eval() or system(). The commands sent to it ride inside ordinary-looking HTTPS requests, frequently base64- or otherwise encoded, and the attacker can move that traffic across protocols and ports, so signature-based network inspection sees little of value and host-side inspection of the web root becomes the more reliable place to look.
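As an added illustration of why a one-line or encoded shell slips past naive inspection, and of the host-side check a practitioner would run instead, here is a small heuristic scanner for PHP sources. It is example code written for this page, not code from the original article or from any tool it mentions. The rule names, the five sample files and the regexes are all constructed for the example; the samples are not real artefacts.

```python
"""Heuristic scanner for one-line and base64-encoded PHP web shells (constructed example)."""
import base64
import re

# PHP functions that hand a string to the interpreter or the operating system.
EXEC_FUNCS = r"\b(?:eval|assert|system|exec|shell_exec|passthru|popen|proc_open|create_function)"
# Superglobals that carry request-controlled data into the script.
REQUEST_INPUT = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER|FILES)\b"

RULES = {
    # eval($_POST['cmd']);  system($_GET["c"]);  @eval(stripslashes($_REQUEST['x']))
    "request-input-to-exec": re.compile(
        EXEC_FUNCS + r"\s*\([^;]{0,80}?" + REQUEST_INPUT, re.IGNORECASE),
    # $f = $_REQUEST['f']; $f($_REQUEST['a']);  a variable function called on request data
    "variable-function-on-request-input": re.compile(r"\$\w+\s*\(\s*" + REQUEST_INPUT),
    # preg_replace() with the /e modifier evaluates the replacement string as PHP
    "preg_replace-e-modifier": re.compile(
        r"\bpreg_replace\s*\(\s*['\"][^'\"]*/[a-z]*e[a-z]*['\"]"),
}

# Runs of base64 alphabet long enough to hide a payload; shorter runs are ordinary identifiers.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def scan_source(src: str, depth: int = 0) -> list[str]:
    """Return the sorted names of rules that fire on `src`.

    Base64 blobs inside the source are decoded and rescanned (two levels deep) so a
    shell stored as eval(base64_decode('...')) is still caught. Hits found in a decoded
    layer are prefixed with 'base64:' so the analyst knows where the evidence came from.
    """
    hits = {name for name, rx in RULES.items() if rx.search(src)}
    if depth < 2:
        for blob in BASE64_BLOB.findall(src):
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8", "ignore")
            except ValueError:  # binascii.Error is a ValueError: bad padding or alphabet
                continue
            hits.update(f"base64:{h}" for h in scan_source(decoded, depth + 1))
    return sorted(hits)


def scan_files(files: dict[str, str]) -> dict[str, list[str]]:
    """Scan a mapping of path -> source text and keep only the files with findings."""
    return {path: hits for path, src in files.items() if (hits := scan_source(src))}


# Constructed sample files (not from the original page): four shells in styles an
# attacker might leave behind, plus one benign script that also reads request input.
SAMPLES = {
    "one_liner.php": "<?php @eval($_POST['cmd']); ?>",
    "encoded.php": "<?php eval(base64_decode('%s')); ?>"
                   % base64.b64encode(b"system($_GET['c']);").decode(),
    "varfunc.php": "<?php $f = $_REQUEST['f']; $f($_REQUEST['a']); ?>",
    "old_style.php": "<?php preg_replace('/.*/e', $_POST['x'], ''); ?>",
    "benign.php": "<?php echo htmlspecialchars($_GET['name']); ?>",
}

if __name__ == "__main__":
    for path, hits in scan_files(SAMPLES).items():
        print(f"{path}: {', '.join(hits)}")
```

The point of the decode-and-rescan loop is that the outer text of encoded.php contains no request superglobal at all; only after decoding does the system($_GET[...]) call appear. Real shells layer gzinflate() and str_rot13() on top of base64 in the same way, and the loop extends to them by adding decoders. In practice you would feed scan_files() the output of os.walk() over the web root and treat every hit as triage input rather than a verdict, since legitimate admin tooling occasionally matches these patterns.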
Attackers have also planted web shell payloads in cloud management applications running on widely used cloud providers. In a case recently cited by CISA, the attackers tampered with the product's own internal integrity checker so that it would not alert security teams to the compromise.
To protect against web shells, agencies need strong security processes and tools. Keep software and patches up to date to reduce exposure to the vulnerabilities that attackers exploit to plant a web shell in the first place. The Exploit Prediction Scoring System (EPSS), which estimates the probability that a given vulnerability will be exploited in the wild, helps teams decide which patches to apply first.