HB1PMS > TECH 08.02.20 19:11l 73 Lines 3216 Bytes #999 (0) @ WW
BID : 1679HB1PMS
Read: GAST
Subj: Average 77,000 Active Web Shells A day, Microsoft
Path: DBO595<DBX320<FRB024<NL3TD<NL3PRC<GY1BBS<HB1BBS
Sent: 200208/0940Z 7732@HB1BBS.ZL.NLD.EU BPQ6.0.19
Van: HB1PMS@HB1BBS.ZL.NLD.EU
Average 77,000 Active Web Shells A day, Microsoft Reports
February 6, 2020 | Trends, Reports, Analysis
Recently, Microsoft released an investigative report revealing that on
average 77,000 active web shell attacks take place every day.
A web-shell is a malicious script attackers plant to escalate or maintain
persistent access on an already compromised web application.
What happened?
Microsoft published a report stating that it detected an average of 77,000
active web shells across 46,000 infected servers each day.
Commenting on their finding, Microsoft researchers said 77,000 detections on
a daily basis is a worrisome figure. It implies intense activity by threat
actors in the cyber landscape.
Key findings from the report
The Microsoft team found several threat groups, including ZINC, KRYPTON, and
GALLIUM, using this malicious code in their attack campaigns.
Threat actors exploit known issues in applications and compromise servers to
install the web shells.
China Chopper was one of the most widely adopted web shells. It was
reportedly employed in many cyberespionage campaigns carried out by China-
linked APT groups.
In October 2018, security agencies belonging to Five Eyes (United States,
United Kingdom, Canada, Australia, and New Zealand) released a joint
report that details some popular hacking tools, including China Chopper.
Closing lines
Microsoft has cautioned system administrators to take the report findings
seriously. From their experience of earlier investigations, Microsoft said
hackers use web shells to upload other hacking tools on a victim's systems,
which could later be used for reconnaissance operations and lateral movement
across a victim's internal network.
This might turn a simple web server hack into a much bigger security
incident.
73 Henk.
======================================================================
_ _ ____ __ ____ ____ _____
| | | | _ \/_ | _ \| _ \ / ____| SYS: Henk (hb1nos@hb1bbs.com)
| |__| | |_) || | |_) | |_) | (___ QTH: Ouwerkerk - JO11XO
| __ | _ < | | _ <| _ < \___ \ BBS: HB1BBS.ZLD.NLD.EU
| | | | |_) || | |_) | |_) |____) | QRV: 27.235 MHz (FM 1200bps)
|_| |_|____/ |_|____/|____/|_____/ WEB: www.hb1bbs.com
======================================================================
** Host of BPQ Netrom/Node NLDHUB::NL9HUB 85.214.163.10 UDP 93
======================================================================
** This message is generated with Sally 7.2.033
----------------------------------------------------------------------
** Timed zaterdag 08 februari 2020 10:37 West-Europa (standaardtijd)
** BBS HB1PMS@HB1BBS.ZL.NLD.EU