- WHY AVERTIUM?
-
-
Why Avertium?
Context over chaos. Disconnected technologies, siloed data, and reactive processes can only get you so far. Protecting businesses in today’s threat landscape demands more than a set of security tools – it requires context.
That's where Avertium comes in
-
Considering Microsoft?
Avertium Named Microsoft Security Solutions PartnerAvertium’s managed services for Microsoft Security Solutions is delivered through the company’s premium service: Fusion MXDR. Fusion MXDR includes 24x7 monitoring and management of Defender for Endpoint and Sentinel, threat intelligence, attack surface
monitoring, and vulnerability management for Microsoft Security customers.
-
-
- SOLUTIONS
- COMPANY
- PARTNERS
-
-
Our Partners
Best-in-class technology from our partners... backed by service excellence from Avertium.
-
Partner Opportunity Registration
Interested in becoming a partner?
With Avertium's deal registration, partners can efficiently and confidently connect with Avertium on opportunities to protect your deals.
-
-
- NEWS & RESOURCES
- CONTACT
Ensiko Web Shell Overview
This threat report is about the Ensiko web shell which has a variety of operational capacities and provides actionable intelligence on how to protect against it. The web shell is multi-platform, infecting Windows, Linux, and macOS computers. If the system has PHP installed, the malware can infect the host.
Ensiko Tactics, Techniques, and Procedures
The Ensiko web shell can gain access to web servers through vulnerable applications or attacking already compromised servers. Once the malware is deployed, it can download more functionality from Pastebin or perform mass encryption on the affected webserver via ransomware.
The ransomware component uses RIJNDAEL_128 with CBC mode to encrypt files and overwrites the .htaccess to set a new home page. The new home page is the hacker's calling card with a reference to the group name and their symbol which is an owl.
The new home page has highly obfuscated code using Base64. The ransomware appends all files with the .bak file extension.
The next unique functionality is the ability to pull exchangeable image file format (EXIF) headers from image files. This allows the malware to pull hidden code from three images using a PHP function called exif_read_data. The technique is referred to as steganography which is a useful way to obfuscate the operational components of the malware.
How this Affects You
Infection by Ensiko may result in the following:
- Propagation of malware
- Data loss due to ransomware
- Loss of reputation due to the defacing of the corporate website
What you Can do
Avertium strongly recommends you take the following actions to protect against the Ensiko web shell:
- Keep your web applications up to date and secured behind a firewall
- Perform file integrity monitoring on your web servers to detect the presence of web shells or website defacing attempts
- Place the webserver behind an intrusion prevention system to block common attack methods
Sources and Supporting Documentation
Ensiko Web Shell Information Sources
- https://exchange.xforce.ibmcloud.com/collection/Ensiko-Web-Shell-6f481f8e23e754c68bbe7884891f527a
- https://blog.trendmicro.com/trendlabs-security-intelligence/ensiko-a-webshell-with-ransomware-capabilities/
MITRE Mapping(s)
- https://attack.mitre.org/techniques/T1505/003/
- https://attack.mitre.org/techniques/T1190/
- https://attack.mitre.org/techniques/T1486/
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.
Contact us for more information about Avertium’s managed security service capabilities.
Deciding between running an in-house SOC vs. using managed security services (MSS) to add more rigor, more relevance, and more responsiveness to your cybersecurity program? Compare the two options. Download the e-book!