{"id":57730,"date":"2024-11-22T14:18:18","date_gmt":"2024-11-22T14:18:18","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36631\/Heres-What-Happens-If-You-Dont-Layer-Network-Security-Or-Remove-Unused-Web-Shells.html"},"modified":"2024-11-22T14:18:18","modified_gmt":"2024-11-22T14:18:18","slug":"heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/","title":{"rendered":"Here&#8217;s What Happens If You Don&#8217;t Layer Network Security Or Remove Unused Web Shells"},"content":{"rendered":"<p>The US Cybersecurity and Infrastructure Agency often breaks into critical organizations&#8217; networks \u2013 with their permission, of course \u2013 to simulate real-world cyber attacks and thereby help improve their security. In one of those recent exercises conducted at a critical infrastructure provider, the Agency exploited a web shell left behind from an earlier bug bounty program, scooped up a bunch of credentials and security keys, moved through the network and ultimately pwned the org&#8217;s domain and several sensitive business system targets.<\/p>\n<p>In a Thursday blog post, the Agency (CISA) detailed the exercise and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa24-326a\">opined<\/a> they &#8220;illuminate lessons learned for network defenders and software manufacturers about how to respond to and reduce risk.&#8221; In other words: give it a read and learn from this critical infrastructure organization&#8217;s mistakes \u2013 and the things it did well \u2013 to keep real criminals out of your IT environment.<\/p>\n<p>The CISA red team conducted the operation over a three-month period, we&#8217;re told. It went in blind, with no prior knowledge about the organization&#8217;s technology assets.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>After doing some open source research on the target to learn more about its networks, defensive tools and employees, CISA targeted 13 employees with a spear phishing campaign \u2013 all picked as most likely to communicate with people outside the organization.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>One of the employees responded and eventually ran two malicious payloads \u2013 but the malware didn&#8217;t make it past security controls.<\/p>\n<p>CISA&#8217;s red team continued probing for devices or services exposed to the interview by using publicly available tools like <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.shodan.io\/\">Shodan<\/a> and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/search.censys.io\/\">Censys<\/a>.<\/p>\n<h3 class=\"crosshead\">Old, unpatched bug for the win \u2026 and initial access<\/h3>\n<p>Ultimately, the hunters came across an &#8220;old and unpatched service with a known XML External Entity (XXE) vulnerability.&#8221; The team used a publicly known proof of concept to exploit this bug and deploy a web shell before discovering one already in place on the target organization&#8217;s Linux web server.<\/p>\n<p>This red team used the shell to run commands on the server, find an exposed internal proxy server, and set up command and control (C2).<\/p>\n<p>After escalating privileges, CISA&#8217;s operatives discovered that overly permissive access controls allowed them to run commands as root without a password.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;With root access to the web server, the team had full access to the organization&#8217;s directories and files on a NFS share with no_root_squash enabled,&#8221; thus allowing remote users to read and\/or change any file on the shared system.<\/p>\n<p>The NFS share hosted home directories belonging to &#8220;hundreds of Linux users&#8221; \u2013 many of whom had privileged access to more servers.<\/p>\n<p>With the NFS share wide open, CISA&#8217;s team then snooped around for secrets: private certificate files, Secure Shell (SSH) private keys, passwords, bash command histories, and other sensitive info.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;The team initially obtained 61 private SSH keys and a file containing valid cleartext domain credentials (DOMAINUSER1) that the team used to authenticate to the organization&#8217;s domain,&#8221; we&#8217;re told.<\/p>\n<p>One week after initially breaking into the org, the red team attackers had established persistent access on four Linux servers, using a different persistence mechanism on each one to make it harder for network defenders to discover the intruders.<\/p>\n<p>The team also gained root access to an infrastructure management server that ran Ansible Tower and which CISA described as &#8220;adjacent&#8221; to &#8220;sensitive business systems.&#8221; From there the tame attackers moved on to six more such systems across six IP ranges.<\/p>\n<p>Odd behavior from a root SSH private key \u2013 which was being used to log into multiple hosts and at times and durations outside of the baseline usage \u2013 alerted the target org to the fact that it had been pwned, CISA noted.<\/p>\n<p>&#8220;In a real compromise, the organization would have had to shut down the server, significantly impacting business operations,&#8221; it warned.<\/p>\n<p>The red team also compromised a Windows domain controller, which allowed it to steal credentials and move laterally to all domain-connected Windows hosts in the org.<\/p>\n<p>And after compromising both Linux and Windows systems across the critical facility&#8217;s networks and establishing persistent access, CISA\u2019s attackers got to work on post-exploit activities: accessing more sensitive business systems including admin workstations.<\/p>\n<p>&#8220;The red team maintained access to these systems for several weeks,&#8221; the blog states.<\/p>\n<p>Next, it targeted corporate workstations belonging to the administrators and operators of the victim org&#8217;s critical infrastructure. Time constraints, however, prohibited the team from fully compromising these systems.<\/p>\n<h3 class=\"crosshead\">Lessons learned<\/h3>\n<p>The good news: &#8220;they did not discover a way to compromise the underlying [operational technology] OT devices,&#8221; CISA noted.<\/p>\n<p>In its extensive write-up about the exercise, CISA detailed how its red team evaded detection at each step in the attack. It also suggests what network defenders could have done to kick out the intruders and includes an entire section on ways to mitigate the findings for both defenders and software manufacturers \u2013 we&#8217;d definitely suggest giving the entire analysis a thorough read.<\/p>\n<p>But here are a few key lessons learned from the exercise.<\/p>\n<p>First, the target organization didn&#8217;t have the right technical controls in place to detect and then stop intruders. &#8220;The organization relied too heavily on host-based endpoint detection and response (EDR) solutions and did not implement sufficient network layer protections,&#8221; CISA noted.<\/p>\n<p>Second, the victim org&#8217;s staff \u2013 and any staff, really \u2013 require ongoing training and support to configure software properly and to detect malicious network activity.<\/p>\n<p>And this: leadership must prioritize known attack vectors that put their organization&#8217;s business at risk of attack. &#8220;Leadership deprioritized the treatment of a vulnerability their own cyber security team identified,&#8221; the report reveals, &#8220;and in their risk-based decision-making, miscalculated the potential impact and likelihood of its exploitation.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36631\/Heres-What-Happens-If-You-Dont-Layer-Network-Security-Or-Remove-Unused-Web-Shells.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[11117],"class_list":["post-57730","post","type-post","status-publish","format-standard","hentry","category-packet-storm","tag-headlinegovernmentprivacycybercrimedata-lossjapan"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Here&#039;s What Happens If You Don&#039;t Layer Network Security Or Remove Unused Web Shells 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Here&#039;s What Happens If You Don&#039;t Layer Network Security Or Remove Unused Web Shells 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-22T14:18:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Here&#8217;s What Happens If You Don&#8217;t Layer Network Security Or Remove Unused Web Shells\",\"datePublished\":\"2024-11-22T14:18:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/\"},\"wordCount\":957,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"keywords\":[\"headline,government,privacy,cybercrime,data loss,japan\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/\",\"name\":\"Here's What Happens If You Don't Layer Network Security Or Remove Unused Web Shells 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-11-22T14:18:18+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,government,privacy,cybercrime,data loss,japan\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinegovernmentprivacycybercrimedata-lossjapan\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Here&#8217;s What Happens If You Don&#8217;t Layer Network Security Or Remove Unused Web Shells\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Here's What Happens If You Don't Layer Network Security Or Remove Unused Web Shells 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/","og_locale":"en_US","og_type":"article","og_title":"Here's What Happens If You Don't Layer Network Security Or Remove Unused Web Shells 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-11-22T14:18:18+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Here&#8217;s What Happens If You Don&#8217;t Layer Network Security Or Remove Unused Web Shells","datePublished":"2024-11-22T14:18:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/"},"wordCount":957,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","keywords":["headline,government,privacy,cybercrime,data loss,japan"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/","url":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/","name":"Here's What Happens If You Don't Layer Network Security Or Remove Unused Web Shells 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-11-22T14:18:18+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z0EELU1FcmKWEatrPIZ7LgAAARc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/heres-what-happens-if-you-dont-layer-network-security-or-remove-unused-web-shells\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,government,privacy,cybercrime,data loss,japan","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinegovernmentprivacycybercrimedata-lossjapan\/"},{"@type":"ListItem","position":3,"name":"Here&#8217;s What Happens If You Don&#8217;t Layer Network Security Or Remove Unused Web Shells"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57730","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57730"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57730\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}