In today's digital world, IT security is becoming a big deal. With so many people studying IT security training, it is a surprise when companies and organisations ignore expert advice.
In a July announcement, the Insurance Council of Australia said that the current growth in cybercrime is a reason to no longer ignore the threat. It is estimated that cyberattacks cost the nation close to $1 billion a year.
It is estimated that cyberattacks cost the nation close to $1 billion a year.
What is being done to combat this cyberthreat?
The Australian Cyber Security Centre (ACSC) is a government initiative aimed at protecting Australian networks from threats.
The centre draws together a range of cybersecurity partners, including the Defence Department, the Attorney-General's Department, the Australian Security Intelligence Organisation, the Australian Federal Police and the Australian Crime Commission.
According to its June report, cyberattacks have risen by 20 per cent to 1131 last year, growing from just 313 attacks in 2011. The most impacted industries are currently energy, banking and finance, communications, defence and transport.
The rise of new threats is an impetus for more people to seek IT security training and protect their organisations' networks.
New threats precede new defences
One of the major issues with cyberattacks and IT security is the speed at which new strategies and tactics arise.
The ACSC recently released a report advising of a new threat product currently being used. Web shells are defined as an exploitation vector, which can be used to gain illegal access and can lead to the more general network harm.
A web shell is a script that is downloaded to a server that allows cybercriminals to administrate the machine. After installation, the web shell can be used to increase privileges and issue commands offsite. Exposed servers can be either internet-facing or internal.
Systems designed for content management and web server software are most at risk. Unauthorised individuals can use reconnaissance tools to detect and exploit vulnerabilities that may lead to the installation of a web shell.
Examples include:
- China Chopper. Although it is one of the smaller web shells, it is packed with capabilities.
- WSO. Has the ability to veil itself as an error page with a hidden form.
- C99. An alternative version of the WSO. It has the ability to make visible the servers security features.
- B374K. A PHP-based web shell with typical functions.
Web shells can be fought through a range of identification and mitigation strategies for IT administrators of web servers, which have content languages installed.
If you are currently looking to engage with information security training, get in touch with ALC Training today.