
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 657 of 2,445   
   Mike Powell to All   
   Hackers spotted using uns   
   07 Mar 25 09:39:00   
   
   TZUTC: -0500   
   MSGID: 371.consprcy@1:2320/105 2c303e7f   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Hackers spotted using unsecured webcam to launch cyberattack   
      
   Date:   
   Fri, 07 Mar 2025 12:33:00 +0000   
      
   Description:   
   Security researchers explain how a company with EDR ended up hacked and its   
   infrastructure encrypted.   
      
   FULL STORY   
      
   Criminals from the Akira ransomware group have been found using an unsecured   
   webcam to launch their attack and encrypt their target's entire network.    
      
   This is according to cybersecurity researchers S-RM, who found the threat   
   actors first accessed their target's remote access solution, either by   
   brute-forcing the login credentials, or buying them off the black market.    
   From there, they installed AnyDesk to pivot to other devices on the network,   
   establish persistence, and steal sensitive data.    
      
   Then, they tried to deploy the encryptor for Windows, but were stopped by the   
   company's Endpoint Detection and Response (EDR) mechanism. After hitting this   
   roadblock, Akira looked for other devices, outside EDR's watchful eye, and   
   found a live webcam vulnerable to remote shell access.   
      
   Avoidable incident    
      
   The webcam ran on a different operating system based on Linux, allowing Akira   
   to use its Linux encryptor. Speaking to BleepingComputer, S-RM said Akira   
   used the webcam to mount Windows Server Message Block (SMB) network shares of   
   the company's other devices. Then, they encrypted the network shares over    
   SMB, successfully working around EDR.    
      
   "As the device was not being monitored, the victim organization's security   
   team were unaware of the increase in malicious Server Message Block traffic   
   from the webcam to the impacted server, which otherwise may have alerted   
   them," S-RM said.    
      
   To make matters worse, S-RM confirmed that a fix for the webcam was    
   available, meaning the entire attack could have been avoided with timely   
   patching.    
      
   Other details were not disclosed, so we don't know who the victims were, or   
   what type of files Akira stole in this attack. We also don't know if the   
   company paid any ransom demands, or if the stolen files made it to the dark   
   web.    
      
   Next to the infamous LockBit, Akira remains one of the bigger ransomware   
   threats out there, so users should be on their guard.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/hackers-spotted-using-unsecured-webcam-to-launch-cyberattack   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426   
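
The monitoring gap S-RM describes in the story above (SMB traffic from a device with no EDR agent going unnoticed) can be covered from network flow data. The following is an added example, not part of the original post or of S-RM's report; the flow record format, addresses, EDR inventory and volume threshold are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data: addresses, byte counts and the inventory are
# invented for illustration and do not come from the incident report.
EDR_MANAGED = {"10.0.1.10", "10.0.1.11", "10.0.2.20"}  # hosts with an EDR agent
FLOWS_CSV = """ts,src,dst,dport,bytes
2025-03-07T01:00:05,10.0.1.10,10.0.2.20,445,48211
2025-03-07T01:00:09,10.0.1.11,10.0.2.20,443,9120
2025-03-07T01:02:41,10.0.9.77,10.0.2.20,445,73400320
2025-03-07T01:03:02,10.0.9.77,10.0.2.21,445,52428800
2025-03-07T01:03:30,10.0.9.78,10.0.2.20,554,20480
"""

SMB_PORT = 445
HIGH_VOLUME_BYTES = 50 * 1024 * 1024  # assumed tuning threshold


def unmanaged_smb_clients(flows_csv, managed, volume_threshold=HIGH_VOLUME_BYTES):
    """Return alerts for SMB clients that have no EDR agent.

    Each alert is a dict with keys: src, servers (sorted list), bytes, severity.
    """
    servers = defaultdict(set)
    total = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flows_csv)):
        # Only SMB flows whose initiator is outside the EDR inventory matter here.
        if int(row["dport"]) != SMB_PORT or row["src"] in managed:
            continue
        servers[row["src"]].add(row["dst"])
        total[row["src"]] += int(row["bytes"])
    alerts = []
    for src in sorted(servers):
        # Any SMB client without an agent is worth a look; volume raises severity.
        severity = "high" if total[src] >= volume_threshold else "medium"
        alerts.append({"src": src, "servers": sorted(servers[src]),
                       "bytes": total[src], "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in unmanaged_smb_clients(FLOWS_CSV, EDR_MANAGED):
        print(alert)
```

In the sample, only the unmanaged host 10.0.9.77 is reported; the managed workstation's SMB session and the second camera's RTSP stream on port 554 are ignored.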
      



(c) 1994,  bbs@darkrealms.ca