Threat actors are using HTTP cookies to pass commands to PHP web shells on Linux servers, giving them remote code execution on the compromised host, according to research from the Microsoft Defender Security Research Team.

The tactic is notable because the cookie replaces the usual command channels of a web shell, a URL query parameter or the request body. The Cookie request header is not recorded by the default access-log formats of Apache httpd and nginx, so a command delivered this way leaves no trace in the logs that defenders most often review.

By carrying the command in a cookie value, the attacker keeps a low profile: web application firewall rules and log hunts keyed on suspicious query strings or POST bodies do not see it, which makes the activity harder for security teams to identify and contain.

The Microsoft Defender Security Research Team's findings underline two practical controls: gain visibility into cookie values reaching PHP files on Linux web servers (by logging the Cookie header or inspecting requests at the reverse proxy), and review the web root for PHP code in which values read from $_COOKIE flow into code- or command-execution functions.
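The following is an added example, not code from Microsoft or from the article: a small static triage script for the pattern described above. It splits PHP source into statements, tracks variables assigned from $_COOKIE (directly or through wrapper calls such as base64_decode()), and flags statements where such a value reaches an execution sink or is invoked as a variable function. The PHP samples are constructed for the example; the sink list and regexes are the author's assumptions for triage, not a full PHP parser.

```python
"""Static triage of PHP source for cookie-controlled web shells.

Constructed example: regex-based, so it is a triage aid rather than a
parser. It can be fooled by obfuscation and by ';' inside string literals.
"""
import re

# PHP functions that execute code or shell commands when fed input
# (assumed sink list; extend for your environment).
SINKS = ("eval", "assert", "system", "exec", "shell_exec", "passthru",
         "popen", "proc_open", "create_function", "call_user_func",
         "call_user_func_array")

SINK_RE = re.compile(r"\b(" + "|".join(SINKS) + r")\s*\(")
# "$var = expr" or "$var .= expr" (but not "==")
ASSIGN_RE = re.compile(r"^\s*(\$[A-Za-z_]\w*)\s*\.?=(?!=)\s*(.+)$", re.S)
# "$var(...)": variable function call, e.g. $f = $_COOKIE['a']; $f(...)
DYNCALL_RE = re.compile(r"(\$[A-Za-z_]\w*)\s*\(")
# "$_COOKIE['a'](...)": cookie value called directly as a function name
COOKIE_CALL_RE = re.compile(r"\$_COOKIE\s*\[[^\]]*\]\s*\(")
PHP_TAG_RE = re.compile(r"<\?(?:php)?|\?>")


def _is_tainted(expr, tainted):
    """True if expr reads $_COOKIE or any already-tainted variable."""
    if "$_COOKIE" in expr:
        return True
    return any(re.search(re.escape(v) + r"\b", expr) for v in tainted)


def scan_php(src):
    """Return a list of (kind, statement) findings for one PHP source string."""
    findings = []
    tainted = set()
    body = PHP_TAG_RE.sub(" ", src)
    for raw in body.split(";"):
        stmt = raw.strip()
        if not stmt:
            continue
        m = ASSIGN_RE.match(stmt)
        if m and _is_tainted(m.group(2), tainted):
            tainted.add(m.group(1))          # propagate taint to the new variable
        if SINK_RE.search(stmt) and _is_tainted(stmt, tainted):
            findings.append(("sink", stmt))
        if COOKIE_CALL_RE.search(stmt):
            findings.append(("dynamic-call", stmt))
        for var in DYNCALL_RE.findall(stmt):
            if var in tainted:
                findings.append(("dynamic-call", stmt))
    return findings


def scan_files(paths):
    """Scan PHP files on disk; returns {path: findings} for files with hits."""
    results = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits = scan_php(fh.read())
        if hits:
            results[path] = hits
    return results


# Constructed PHP samples (not real malware) illustrating the pattern.
SAMPLES = {
    # command arrives base64-encoded in a cookie and is eval'd
    "cookie_eval.php": "<?php $c = base64_decode($_COOKIE['session_id']); eval($c); ?>",
    # function name and argument both come from cookies
    "dyn.php": "<?php $f = $_COOKIE['a']; $f($_COOKIE['b']); ?>",
    # cookie value passed straight to a command sink
    "direct.php": "<?php system($_COOKIE['cmd']); ?>",
    # multi-step decode chain before the sink
    "chain.php": "<?php $k = $_COOKIE['k']; $p = str_rot13($k); "
                 "$cmd = base64_decode($p); passthru($cmd); ?>",
    # benign cookie use: no execution sink
    "benign.php": "<?php $lang = $_COOKIE['lang'] ?? 'en'; echo htmlspecialchars($lang); ?>",
}


def scan_samples(samples=SAMPLES):
    """Scan the embedded samples; returns {name: findings} for names with hits."""
    return {name: scan_php(src) for name, src in samples.items() if scan_php(src)}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        for kind, stmt in hits:
            print(f"{name}: {kind}: {stmt}")
```

Run it against a web root with scan_files() and review every hit by hand; benign code can legitimately read cookies, so only the combination with a sink matters. For the request side, note that the Apache `combined` LogFormat does not include the Cookie header; adding `"%{Cookie}i"` to a custom LogFormat records it so that cookie values sent to PHP files can be hunted in the access log.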

As attackers keep shifting their command channels to wherever defenders are not looking, organizations should treat cookie values as untrusted input worth logging and reviewing, and prioritize the hardening and monitoring of internet-facing web servers.

Source: Original Article