CERT mailing list archives

NSA, ASD Release Guidance for Mitigating Web Shell Malware


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Wed, 22 Apr 2020 15:19:37 +0000


National Cyber Awareness System:



NSA, ASD Release Guidance for Mitigating Web Shell Malware [ 
https://www.us-cert.gov/ncas/current-activity/2020/04/22/nsa-asd-release-guidance-mitigating-web-shell-malware ] 
04/22/2020 10:16 AM EDT 
Original release date: April 22, 2020

The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly released a 
Cybersecurity Information Sheet (CSI) on mitigating web shell malware. Malicious cyber actors are increasingly 
deploying web shell malware on victim web servers to execute arbitrary system commands. By deploying web shell malware, 
cyber attackers can gain persistent access to compromised networks. The CSI provides techniques to detect, and 
recommendations to prevent, malicious web shells.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CSI [ 
https://media.defense.gov/2020/Apr/22/2002285959/-1/-1/0/DETECT%20AND%20PREVENT%20WEB%20SHELL%20MALWARE.PDF ] and NSA's 
article, Detect & Prevent Cyber Attackers from Exploiting Web Servers via Web Shell Malware [ 
https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2159419/detect-prevent-cyber-attackers-from-exploiting-web-servers-via-web-shell-malware/
 ], for more information and to apply the recommended mitigations.

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.


A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 
