Microsoft detects over 70,000 active web shells per day

According to a report released by Microsoft, the company detects an average of 77,000 active web shells per day, which are distributed across 46,000 infected servers.

A web shell is a web security threat, which is a web-based implementation of the shell concept. A web shell is able to be uploaded to a webserver to allow remote access to the web server, such as the web server’s file system. A web shell is unique in that it enables users to access a web server by way of a web browser that acts like a command-line interface

An average of 77,000 web shells is detected every day, a number that has to make people aware of how often hackers are active. A report released by Microsoft states that ” Unfortunately, these gaps appear to be widespread, given that every month, Microsoft Defender Advanced Threat Protection (ATP) detects an average of 77,000 web shell and related artifacts on an average of 46,000 distinct machines.”

“Because web shells are a multi-faceted threat, enterprises should build comprehensive defenses for multiple attack surfaces.” concludes Microsoft. ” Gaining visibility into internet-facing servers is key to detecting and addressing the threat of web shells. The installation of web shells can be detected by monitoring web application directories for web script file writes. Applications such as Outlook Web Access (OWA) rarely change after they have been installed and script writes to these application directories should be treated as suspicious.”

Via: securityaffairs