IBM X-Force Research: Understanding the Webshell Game
Webshell scripts can be an easy way for administrators to manage a web server remotely, but can be a weak point in an organization’s infrastructure. As a result, malicious actors continue to target them. The Open Web Application Security Project’s (OWASP) most recent study of web application security risks ranks “injection” at number one on its top ten list. One such attack type, command injection, allows attackers to inject shell commands into the host operating system running the website, turning this attack vector into a deadly tool for spreading malware, penetrating networks and executing advanced persistent threats.
Read this research report to learn:
- The types of webshell prevalent today in the hacker universe
- How useful functions can be turned into a malicious attack
- Recommendations for mitigating this threat