Microsoft’s Detection and Response and 365 Defender teams are sounding the alarm that the number of observed attacks using web shell malware have nearly doubled since last year. (Microsoft)
The presence of web shells around a network are often one of the strongest signals of an ongoing or imminent cyber attack.
Pulling data from billions of emails, applications, endpoints and identities, Microsoft’s Detection and Response and 365 Defender teams are sounding the alarm that the number of observed attacks using web shell malware have nearly doubled since last year.
The data covers the period between August 2020 and January 2021, finding an average of 140,000 web shell attacks per month, up from around 77,000 per month over that same period the prior year.
Microsoft thinks a contributing factor to the rise is the relative ease in which hackers can quickly weaponize vulnerabilities to set up shells around victim networks.
In one instance last July, a critical configuration vulnerability microsoft shell attacks doubled media
