CyberSecurity news
Mandvi@Cyber Security News
The Akira ransomware group has been observed using an unconventional method to bypass Endpoint Detection and Response (EDR) systems. In a recent incident, after initial attempts to encrypt Windows systems were blocked by the victim's EDR solution, the group pivoted to targeting an unsecured webcam on the network. This webcam, running a lightweight Linux operating system, lacked EDR protection due to its limited storage capacity.
Akira exploited the vulnerable webcam by deploying a Linux-based ransomware variant, leveraging the device's remote shell capabilities and the Server Message Block (SMB) protocol to encrypt files across the victim’s network. This allowed the attackers to remain undetected, as the malicious SMB traffic originating from the webcam did not trigger security alerts. The initial access to the network was gained through an exposed remote access solution, after which the attackers deployed AnyDesk to maintain access and exfiltrate data.
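As an added defensive example (not code from the article or from the reports it cites), the following Python correlates SMB write activity with an EDR agent inventory, so that a host with no agent, such as the Linux webcam described above, stands out as soon as it starts modifying files on shares across several hosts. The log record shape, IP addresses and share names are constructed.

```python
"""Flag SMB write activity originating from hosts that have no EDR agent.

Constructed example: correlates SMB file-operation records (assumed shape of a
firewall or share-audit log) with an EDR asset inventory. An IoT device that
suddenly writes to many shares on many hosts matches the pattern described above.
"""
from collections import defaultdict

# Constructed EDR inventory: hosts with an agent installed. In practice this
# comes from the EDR console's asset export.
EDR_AGENTS = {"10.0.0.10", "10.0.0.11", "10.0.0.12"}

# Constructed SMB audit records: (source_ip, target_ip, share, operation).
SMB_EVENTS = [
    ("10.0.0.11", "10.0.0.10", "Finance", "WRITE"),    # managed host, normal
    ("10.0.0.11", "10.0.0.10", "Finance", "WRITE"),
    ("10.0.0.250", "10.0.0.10", "Finance", "READ"),    # unmanaged device browsing
    ("10.0.0.250", "10.0.0.10", "Finance", "WRITE"),   # ... then modifying files
    ("10.0.0.250", "10.0.0.10", "Finance", "RENAME"),
    ("10.0.0.250", "10.0.0.12", "HR", "WRITE"),
    ("10.0.0.250", "10.0.0.12", "HR", "RENAME"),
    ("10.0.0.250", "10.0.0.11", "Public", "WRITE"),
    ("10.0.0.251", "10.0.0.10", "Finance", "READ"),    # unmanaged, read-only: benign
]

WRITE_OPS = {"WRITE", "RENAME", "DELETE", "CREATE"}

def find_unmonitored_smb_writers(events, edr_agents, min_targets=2, min_writes=3):
    """Return {source_ip: summary} for sources with no EDR agent whose write-type
    SMB operations reach at least `min_targets` hosts and total at least
    `min_writes`. Read-only activity is ignored: an IoT device reading a share is
    ordinary; one modifying files on several hosts is the pattern to alert on."""
    stats = defaultdict(lambda: {"targets": set(), "shares": set(), "writes": 0})
    for src, dst, share, op in events:
        if src in edr_agents or op not in WRITE_OPS:
            continue
        s = stats[src]
        s["targets"].add(dst)
        s["shares"].add(f"{dst}\\{share}")
        s["writes"] += 1
    return {
        src: {"targets": sorted(s["targets"]), "shares": sorted(s["shares"]), "writes": s["writes"]}
        for src, s in stats.items()
        if len(s["targets"]) >= min_targets and s["writes"] >= min_writes
    }

if __name__ == "__main__":
    for src, summary in find_unmonitored_smb_writers(SMB_EVENTS, EDR_AGENTS).items():
        print(f"ALERT: unmonitored host {src} modified files on {len(summary['targets'])} hosts: {summary}")
```

Feeding the same correlation with a device-class inventory (cameras, printers, badge readers) lets the thresholds be tightened further for hosts that should never write to file shares at all.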
References:
- Cyber Security News: Akira Ransomware Exploits RDP to Attack Windows Servers
- gbhackers.com: Akira Ransomware Targets Windows Servers via RDP and Evades EDR with Webcam Trick
- www.bleepingcomputer.com: Akira ransomware encrypted network from a webcam to bypass EDR
- The DefendOps Diaries: Akira Ransomware: Unsecured Webcams and IoT Vulnerabilities
- Hidden Dragon: The Akira ransomware group has been found using an unsecured webcam to launch their attack and encrypt their target’s entire network. Akira used the webcam to mount Windows Server Message Block (SMB) network shares of the company's other devices. Then, they encrypted the network shares over SMB, successfully working around EDR.
- securityaffairs.com: The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network.
- Hidden Dragon: The Akira ransomware gang has been found using an unsecured webcam to launch their attack and encrypt their target’s entire network.
Classification:
- HashTags: #Ransomware #EDRBypass #Webcam
- Company: S-RM
- Target: Windows Servers
- Attacker: Akira
- Product: AnyDesk
- Feature: EDR Bypass
- Malware: Akira
- Type: Ransomware
- Severity: Major