• Hackers spotted using uns

    From Mike Powell@1:2320/105 to All on Friday, March 07, 2025 09:39:00
    Hackers spotted using unsecured webcam to launch cyberattack

    Date:
    Fri, 07 Mar 2025 12:33:00 +0000

    Description:
    Security researchers explain how a company with EDR ended up hacked and its infrastructure encrypted.

    FULL STORY

    Criminals from the Akira ransomware group have been found using an unsecured webcam to launch their attack and encrypt their target's entire network.

    This is according to cybersecurity researchers S-RM, who found the threat actors first accessed their target's remote access solution, either by brute-forcing the login credentials or buying them off the black market.
    From there, they installed AnyDesk to pivot to other devices on the network, establish persistence, and steal sensitive data.

    Then, they tried to deploy the encryptor for Windows, but were stopped by the company's Endpoint Detection and Response (EDR) mechanism. After hitting this roadblock, Akira looked for other devices, outside EDR's watchful eye, and
    found a live webcam vulnerable to remote shell access.

    Avoidable incident

    The webcam ran on a different operating system based on Linux, allowing Akira to use its Linux encryptor. Speaking to BleepingComputer, S-RM said Akira
    used the webcam to mount Windows Server Message Block (SMB) network shares of the company's other devices. Then, they encrypted the network shares over
    SMB, successfully working around EDR.

    "As the device was not being monitored, the victim organization's security
    team were unaware of the increase in malicious Server Message Block traffic from the webcam to the impacted server, which otherwise may have alerted
    them," S-RM said.

    To make matters worse, S-RM confirmed that a fix for the webcam was
    available, meaning the entire attack could have been avoided with timely patching.

    Other details were not disclosed, so we don't know who the victims were, or
    what type of files Akira stole in this attack. We also don't know if the
    company paid any ransom demands, or if the stolen files made it to the dark web.

    Next to the infamous LockBit, Akira remains one of the bigger ransomware threats out there, so users should be on their guard.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hackers-spotted-using-unsecured-webcam-to-launch-cyberattack

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
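
The story above notes that nobody was watching SMB traffic from the webcam to the impacted server. The following is an added example, not part of the original post or of S-RM's report: a network-side check that flags SMB sessions originating from hosts without an EDR agent. The inventory, IP addresses, flow-record format and byte threshold are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

SMB_PORTS = {445, 139}  # SMB over TCP and NetBIOS session service

# Constructed inventory: hosts with no EDR agent (assumed to come from an asset list).
UNMANAGED = {"10.0.20.15": "lobby-webcam", "10.0.20.22": "badge-reader"}

# Constructed flow records: time, source, destination, destination port, bytes sent.
SAMPLE_FLOWS = """\
2025-03-01T02:10:00,10.0.10.5,10.0.1.10,445,48000
2025-03-01T02:11:00,10.0.20.15,10.0.1.10,445,900000000
2025-03-01T02:12:00,10.0.20.15,10.0.1.10,445,750000000
2025-03-01T02:12:30,10.0.20.15,10.0.1.11,445,12000
2025-03-01T02:13:00,10.0.20.22,10.0.1.30,443,5000
"""

def parse_flows(text):
    """Yield (src, dst, port, bytes) tuples, skipping malformed rows."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue
        try:
            yield row[1], row[2], int(row[3]), int(row[4])
        except ValueError:
            continue

def flag_unmanaged_smb(flow_text, unmanaged=UNMANAGED, high_bytes=100_000_000):
    """Return alerts for SMB sessions that originate from hosts without EDR."""
    totals = defaultdict(int)
    for src, dst, port, nbytes in parse_flows(flow_text):
        # A camera or badge reader has no business speaking SMB at all.
        if src in unmanaged and port in SMB_PORTS:
            totals[(src, dst)] += nbytes
    alerts = []
    for (src, dst), total in sorted(totals.items()):
        severity = "high" if total >= high_bytes else "medium"
        alerts.append({"device": unmanaged[src], "src": src, "dst": dst,
                       "smb_bytes": total, "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in flag_unmanaged_smb(SAMPLE_FLOWS):
        print(alert)
```

The managed workstation at 10.0.10.5 is ignored because its SMB activity is assumed to be covered by EDR; any SMB session from an inventory entry without an agent raises an alert, and volume only sets the severity.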