HackDig : Dig high-quality web security articles for hackers

Ninety-Five Percent of Webshell Attacks Written in PHP

2016-11-19 23:00

There’s nothing inherently malicious about a webshell, which is a script that can be uploaded to a web server to enable remote administration of the machine. In the hands of an attacker, however, they are a serious cyberthreat. Advanced persistent threat (APT) groups often use webshells to breach organizations.

Webshell Attacks Surging

Earlier this year, we reported on two notable upticks in webshell attacks: C99 Shell and b374k. This activity intrigued our analysts, warranting further investigation.

Our subsequent analysis of IBM Managed Security Services (MSS) data showed an increase in webshell attacks this year, most notably in Q2 and the beginning of Q3. We expect to see that trend continue in 2017.

graph of webshell attacks from Sept 2016 to Sept 2016.

PHP Is Prevalent and Persistent

Almost all the attacks — approximately 95 percent — were written in PHP, a widely used open-source scripting language. Although not readily apparent, the number of command injection attacks resulting from malicious PHP webshells is relatively significant. No other single command injection attack type was observed to be as prevalent, or as persistent, for as long.

Download the webshell report

Analysis of IBM MSS data from 2016 also revealed over 120 unique types of PHP webshell scripts. The great majority were observed in attempts to plant webshell scripts in remote servers via command injection to ultimately breach the servers and gain unauthorized access to the data they host. C99 was the most common variety, accounting for nearly 9 percent of the attacks recorded in 2016.

Malicious webshell exploitation is one of the easiest ways attackers can gain unauthorized access to an organization’s network. To learn about more about this threat, including ways to protect against it, read the IBM report titled “Understanding the Webshell Game.”

The post Ninety-Five Percent of Webshell Attacks Written in PHP appeared first on Security Intelligence.


Source: /o5jZ3Czh0zN/3~/ecnegilletnIytiruceS/r~/moc.elgoog.yxorpdeef

“Ninety-Five Percent of Webshell Attacks Written in PHP”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools