Subj : Hackers spotted using uns
To   : All
From : Mike Powell
Date : Fri Mar 07 2025 09:39:00

Hackers spotted using unsecured webcam to launch cyberattack

Date: Fri, 07 Mar 2025 12:33:00 +0000

Description:
Security researchers explain how a company with EDR ended up hacked and its infrastructure encrypted.

FULL STORY

Criminals from the Akira ransomware group have been found using an unsecured webcam to launch their attack and encrypt their target's entire network.

This is according to cybersecurity researchers S-RM, who found the threat actors first accessed their target's remote access solution, either by brute-forcing the login credentials, or buying them off the black market. From there, they installed AnyDesk to pivot to other devices on the network, establish persistence, and steal sensitive data.

Then, they tried to deploy the encryptor for Windows, but were stopped by the company's Endpoint Detection and Response (EDR) mechanism. After hitting this roadblock, Akira looked for other devices, outside EDR's watchful eye, and found a live webcam vulnerable to remote shell access.

Avoidable incident

The webcam ran on a different operating system based on Linux, allowing Akira to use its Linux encryptor.

Speaking to BleepingComputer, S-RM said Akira used the webcam to mount Windows Server Message Block (SMB) network shares of the company's other devices. Then, they encrypted the network shares over SMB, successfully working around EDR.

"As the device was not being monitored, the victim organization's security team were unaware of the increase in malicious Server Message Block traffic from the webcam to the impacted server, which otherwise may have alerted them," S-RM said.

To make matters worse, S-RM confirmed that a fix for the webcam was available, meaning the entire attack could have been avoided with timely patching.

Other details were not disclosed, so we don't know who the victims were, or what type of files Akira stole in this attack. We also don't know if the company paid any ransom demands, or if the stolen files made it to the dark web.

Next to the infamous LockBit, Akira remains one of the bigger ransomware threats out there, so users should be on their guard.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/hackers-spotted-using-unsecured-webcam-to-launch-cyberattack

--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)