Payment processor giant VISA warns that web shells being used increasingly by the bad actors to compromise the servers and extract the credit card information stone from online store clients.
Web shells are tools (either scripts or programs) that are deployed by threat actors to obtain access or to hold access to the compromised servers, remotely execute arbitrary code or commands, move laterally within a victim network, or present further malicious payloads.
Table of Contents
Web Shells Being Used Increasingly to Exfiltrate Skimmed Information
Within the last year, VISA has observed a rise in hackers using the web shells to inject JavaScript-based scripts called credit card skimmers into hacked online stores in web skimming attacks.
On deploying the web shell, the skimmers will able to steal the payment and personal info submitted by the compromised online stores’ clients and additionally send it to servers under their control.
VISA said,
In 2020, Visa Payment Fraud Disruption (PFD) found a trend regarding the number of eSkimming attacks that utilized web shells to establish a command and control (C2) completely while the attacks were executed.
PFD affirmed that a minimum of 45 eSkimming attacks executed last year were using web shells, and security researchers likewise remarked on the increasing use of web shells to execute cyberattacks.
Web Shells Increasingly Used to Backdoor Servers
Even the Microsoft Defender Advanced Threat Protection (ATP) team affirmed the findings of VISA by giving a statement, “The number of web shells deployed on compromised servers has roughly doubled since last year”.
The company’s security researchers identified an average of 140,000 malicious tools on compromised servers each month, between August 2020 to January 2021.
As in compared to the above report, Microsoft stated in the 2020 report that it identified an average of 77,000 web shells every month (based on data collected from about 46,000 different devices between July and December 2019).
Are you seeking more security updates? Subscribe to our newsletter for the latest Security News right from the security and research industries.
Additionally, you can also find the latest Web Hosting News here!