Most initial network compromises occur due to social engineering techniques such as phishing websites and malicious attachments. However, many threat actors still focus on exploiting unpatched vulnerabilities on servers and web applications to install web shells, which act as backdoors that give them a foothold and persistence for further computer network exploitation (CNE) operations. Based on insight from frequently exploited cases, the U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) jointly released a 17-page Cybersecurity Information Sheet (CSI) to help organizations detect and mitigate web shell malware. The advisory includes a comprehensive appendix of scripts, queries, and log analysis tools for identifying and blocking commonly exploited vulnerabilities. The U.S. Department of Homeland Security's (DHS's) Cybersecurity and Infrastructure Security Agency (CISA) provided a notification that can be accessed here. Read a more comprehensive overview at ZDNet.