Criminals from the Akira ransomware group have recently used an unsecured webcam to launch a cyberattack, encrypting an entire corporate network. According to cybersecurity researchers at S-RM, the attackers first accessed the target’s remote access solution by brute-forcing credentials or purchasing them on the black market. After gaining access, they deployed AnyDesk software to navigate the network, establish a foothold, and extract sensitive data.
The criminals first attempted to deploy a Windows encryptor but encountered resistance from the company’s Endpoint Detection and Response (EDR) system. Undeterred, they looked for devices outside the EDR’s surveillance and located a vulnerable live webcam. This webcam ran a Linux-based system, allowing the attackers to use a Linux encryptor instead.
From the webcam, Akira mounted Windows Server Message Block (SMB) shares of other devices within the network and encrypted these shares without alerting the organization’s security team. The rapid increase in suspicious SMB traffic from the unsecured webcam went unnoticed by the security measures in place.
What’s particularly alarming is that a fix for the webcam vulnerability was available, meaning the entire incident could have been avoided with timely updates. Details about the specific victim and the stolen information remain undisclosed, and it is not known whether a ransom payment was made or whether the stolen data found its way onto the dark web.
Given the growing notoriety of Akira, alongside other ransomware threats like LockBit, it’s essential for organizations to stay vigilant and ensure all devices on their networks are properly secured and monitored.
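One way to monitor for the SMB activity described above, as an added example that is not from S-RM or the original report: a per-window check over network flow records that alerts when a device on an unmanaged segment initiates SMB sessions. The subnet, the approved camera-to-NAS path, the thresholds and the flow records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (constructed): subnet of unmanaged devices, one approved
# camera-to-NAS recording path, and thresholds for one time window.
UNMANAGED_NETS = [ip_network("10.20.30.0/24")]
ALLOWED_SMB = {("10.20.30.15", "10.0.5.10")}
SMB_PORT = 445
HIGH_PEERS = 3                  # distinct SMB servers contacted
HIGH_BYTES = 500_000_000        # bytes sent to SMB servers

# Constructed flow records: (window, src_ip, dst_ip, dst_port, bytes_sent)
SAMPLE_FLOWS = [
    ("02:00", "10.20.30.15", "10.0.5.10", 445, 120_000_000),  # approved recording
    ("02:00", "10.20.30.40", "10.0.1.11", 445, 900_000_000),
    ("02:00", "10.20.30.40", "10.0.1.12", 445, 700_000_000),
    ("02:00", "10.20.30.40", "10.0.1.13", 445, 400_000_000),
    ("02:00", "10.20.30.40", "10.0.9.9", 443, 1_000),         # not SMB
    ("02:00", "10.0.2.50", "10.0.1.11", 445, 5_000_000),      # managed host
    ("02:00", "10.20.30.22", "10.0.1.11", 445, 2_000),
]

def is_unmanaged(ip):
    """True when the address belongs to a segment without endpoint coverage."""
    return any(ip_address(ip) in net for net in UNMANAGED_NETS)

def find_smb_anomalies(flows):
    """Alert on SMB sessions initiated by unmanaged devices, per time window."""
    peers, sent = defaultdict(set), defaultdict(int)
    for window, src, dst, port, nbytes in flows:
        if port != SMB_PORT or not is_unmanaged(src) or (src, dst) in ALLOWED_SMB:
            continue
        peers[(window, src)].add(dst)
        sent[(window, src)] += nbytes
    alerts = []
    for window, src in sorted(peers):
        n, total = len(peers[(window, src)]), sent[(window, src)]
        # Many servers or heavy outbound volume suggests bulk file access.
        severity = "high" if n >= HIGH_PEERS or total >= HIGH_BYTES else "review"
        alerts.append({"window": window, "src": src, "peers": n,
                       "bytes_sent": total, "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in find_smb_anomalies(SAMPLE_FLOWS):
        print(alert)
```

Because the check runs on network flow data rather than on the endpoint, it covers devices that cannot host an EDR agent.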