Email this Article Email   

CHIPS Articles: NSA: Detect & Prevent Cyber Attackers from Exploiting Web Servers via Web Shell Malware

NSA: Detect & Prevent Cyber Attackers from Exploiting Web Servers via Web Shell Malware
By NSA News - April 22, 2020
FORT MEADE, Md., April 22, 2020 — Malicious cyber actors have increasingly leveraged web shells to gain or maintain access on victim networks. Web shell malware is software deployed by a hacker, usually on a victim’s web server, that can execute arbitrary system commands, commonly sent over HTTPS.

To harden and defend web servers against this threat, NSA and the Australian Signals Directorate have issued a dual-seal Cybersecurity Information Sheet (CSI). This product contains valuable information on how to detect and prevent web shell malware from affecting Department of Defense and other government web servers, though the guidance would likely also be useful for any network defenders responsible for maintaining web servers.

Web shell malware has been a threat for years and continues to evade detection from most security tools. Malicious cyber actors are increasingly leveraging this type of malware to get consistent access to compromised networks while using communications that blend in well with legitimate traffic. This means attackers might send system commands over HTTPS or route commands to other systems, including to your internal networks, which may appear as normal network traffic.

This CSI contains detection techniques, along with links to signatures and lists maintained on GitHub. This report also highlights prevention techniques and recovery guidance. NSA encourages network defenders who maintain web servers to review this technical guidance and apply the mitigations as appropriate.

To read more, check out NSA's Cybersecurity Advisories & Technical Guidance at

NSA cybersecurity graphic explaining where to read more about Cybersecurity Advisories and Technical Guidance
Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer