There are as many as 43,000 hacked servers available for sale on MagBo, a portal on the dark web where hackers can sell and buy hacked websites. Among them are numerous Australian websites, including those of ASX-listed firms and financial services companies.
Access to these hacked websites is gained through ‘web shell malware’, which is installed onto compromised servers. In April, the US National Security Agency and the Australian Signals Directorate issued a cybersecurity update on the increased threat posed by web shell malware.
The warning stated: “Attackers often create web shells by adding or modifying a file in an existing web application. Web shells provide attackers with persistent access to a compromised network using communication channels disguised to blend with legitimate traffic. Web shell malware is a long-standing, pervasive threat that continues to evade many security tools.”
Elad Ezrahi, Threat Intelligence Team Leader at the Israeli intelligence company KELA, told the Australian Financial Review: “If the web shell enables the actor to abuse the mail server of the compromised website, the actor could use it to send spam and phishing emails… if the compromised site is of a governmental entity, for example, the consequences can be notably severe.”
Cyber-attacks have increased since the start of the COVID-19 pandemic, as hackers take advantage of more people working from home and searching for information.