- S-RM describes how a company was targeted by the Akira ransomware gang
- It was protected by an EDR solution, but had an unprotected webcam
- The webcam allowed Akira to deploy a Linux-based encryptor
Criminals from the Akira ransomware group have been found using an unsecured webcam to launch their attack and encrypt the entire network of their target.
This is according to S-RM cybersecurity researchers, who found that the threat actors first accessed their target’s remote access solution, either by brute-forcing the credentials or by buying them on the black market. From there, they installed AnyDesk to pivot to other network devices, establish persistence and steal sensitive data.
Then they tried to deploy the encryptor for Windows, but were stopped by the company’s endpoint detection and response (EDR) solution. After hitting this roadblock, Akira looked for other devices outside of EDR’s watchful eye, and found a live webcam vulnerable to remote shell access.
Avoidable incident
The webcam ran a different, Linux-based operating system, allowing Akira to use its Linux encryptor. Speaking to BleepingComputer, S-RM said that Akira used the webcam to mount the Windows Server Message Block (SMB) network shares of the company’s other devices. Then, they encrypted the network shares over SMB, successfully working around EDR.
“As the device was not monitored, the security team of the victim organization was not aware of the increase in the trafficking of messages from the malicious webcam server to the affected server, which may have alerted them,” said S-RM.
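The gap S-RM describes, SMB traffic from a device with no EDR agent going unnoticed, can be covered from the network side. The following is an added example, not code from S-RM or the original article: it flags SMB flows from hosts without EDR coverage, and the inventory, flow records, allowed device classes and byte threshold are all constructed assumptions.

```python
from collections import defaultdict

SMB_PORT = 445

# Constructed asset inventory: IP -> (device class, EDR agent installed?)
INVENTORY = {
    "10.0.5.20": ("windows-server", True),
    "10.0.5.31": ("workstation", True),
    "10.0.9.77": ("ip-camera", False),
    "10.0.9.80": ("printer", False),
}

# Constructed flow records: (minute, src, dst, dst_port, bytes_sent)
FLOWS = [
    (0, "10.0.5.31", "10.0.5.20", 445, 40_000),
    (0, "10.0.9.80", "10.0.5.20", 445, 12_000),        # scan-to-folder job
    (1, "10.0.9.77", "10.0.5.20", 554, 900_000),       # RTSP video, not SMB
    (1, "10.0.9.77", "10.0.5.20", 445, 350_000_000),
    (2, "10.0.9.77", "10.0.5.20", 445, 410_000_000),
    (2, "10.0.5.31", "10.0.5.20", 445, 55_000),
]


def smb_alerts(flows, inventory, allowed_classes=("printer",),
               byte_threshold=50_000_000):
    """Alert on SMB traffic sent by hosts that have no EDR agent."""
    totals = defaultdict(int)
    for _minute, src, dst, port, nbytes in flows:
        if port != SMB_PORT:
            continue
        # Hosts missing from the inventory are treated as unmonitored.
        dev_class, has_edr = inventory.get(src, ("unknown", False))
        if has_edr:
            continue  # endpoint telemetry already covers this host
        totals[(src, dst, dev_class)] += nbytes

    alerts = []
    for (src, dst, dev_class), total in sorted(totals.items()):
        if dev_class not in allowed_classes:
            # A camera or unknown device has no reason to be an SMB client.
            alerts.append((src, dst, dev_class, "unexpected-smb-client", total))
        elif total >= byte_threshold:
            # Allowed class, but far more data than its normal use explains.
            alerts.append((src, dst, dev_class, "smb-volume", total))
    return alerts


if __name__ == "__main__":
    for alert in smb_alerts(FLOWS, INVENTORY):
        print(alert)
```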
To make things worse, S-RM confirmed that a patch for the webcam was available, which means that the whole attack could have been avoided with timely patching.
Other details have not been disclosed, so we do not know who the victims were, or what type of files Akira stole in this attack. We also do not know if the company paid the ransom demand, or if the stolen files ended up on the dark web.
Besides the infamous LockBit, Akira remains one of the biggest threats in ransomware, so users should be on their guard.




