What Cybersecurity Pros Must Know About FBI’s Web Shell Removal

May 6, 2021 – Article posted on Dice

Since December 2020, U.S. law enforcement and other government agencies tasked with protecting the nation’s IT networks and infrastructure have faced a pair of daunting cybersecurity challenges.

The first was the SolarWinds supply chain attack, where nation-state hackers used a Trojanized software update within the company’s Orion network monitoring platform to target 100 private firms along with nine federal agencies. The second major incident was a series of attacks where hackers exploited multiple vulnerabilities within on-premises Microsoft Exchange email servers.

In the case of SolarWinds, the Biden administration has tried to address the issue partly through sanctions, but in the case of the Exchange attacks the FBI obtained a court order that allowed agents to go into an unspecified number of private networks to remove some of the malware used by the attackers. As part of the court order, the FBI was then allowed to remove web shells from Exchange servers that had been targeted or compromised.

“I think this means that cybersecurity is starting to become recognized as a critical issue on the national stage,” Drew Schmitt, principal threat intelligence analyst at GuidePoint Security, told Dice. “For the FBI to take such an aggressive and direct action against these web shells, it clearly means that they felt that the threat of these web shells on so many Exchange servers was high enough for the United States that it required a special level of mitigation we haven’t seen used thus far.”