Payment processor giant VISA warns that web shells are increasingly being used by bad actors to compromise servers and exfiltrate credit card information stolen from online store clients.
Web shells are tools (either scripts or programs) that threat actors deploy to gain or maintain access to compromised servers, remotely execute arbitrary code or commands, move laterally within a victim network, or deliver further malicious payloads.
Web Shells Being Used Increasingly to Exfiltrate Skimmed Information
After deploying a web shell, the skimmers are able to steal the payment and personal information submitted by the compromised online stores’ clients and send it to servers under their control.
In 2020, Visa Payment Fraud Disruption (PFD) observed a trend in the number of eSkimming attacks that used web shells to establish command and control (C2) while the attacks were carried out.
PFD affirmed that a minimum of 45 eSkimming attacks executed last year used web shells, and security researchers have likewise remarked on the increasing use of web shells in cyberattacks.
Web Shells Increasingly Used to Backdoor Servers
The Microsoft Defender Advanced Threat Protection (ATP) team also affirmed VISA's findings in a statement: “The number of web shells deployed on compromised servers has roughly doubled since last year”.
The company’s security researchers identified an average of 140,000 of these malicious tools on compromised servers each month between August 2020 and January 2021.
By comparison, Microsoft stated in its 2020 report that it had identified an average of 77,000 web shells every month (based on data collected from about 46,000 different devices between July and December 2019).