Attack chains are increasingly making use of Internet Information Services (IIS) extensions to create a “durable persistence mechanism.”
According to a new warning issued by the Microsoft 365 Defender Research Team.
Backdoors are more difficult to detect because they typically reside in the same directories as legitimate modules used by target applications and use the same code structure.
It is recommended that the latest security updates for server components be applied as soon as possible, that antivirus and other protections be enabled, and that sensitive roles and groups be reviewed.