By exploiting an unsecured webcam, the Akira ransomware operation launched encryption attacks that evaded the endpoint detection and response (EDR) system of a targeted organization, whose EDR had initially prevented the encryptor from executing on Windows devices, according to BleepingComputer.
Akira had already infiltrated the targeted corporate network through an exposed remote access solution, which allowed it to deliver AnyDesk, exfiltrate data, and leverage Remote Desktop Protocol for lateral movement. Its subsequent ransomware payload was blocked by the EDR tool, prompting another network scan that resulted in the discovery of the vulnerable Linux-based webcam, a report from cybersecurity firm S-RM revealed.
After mounting Windows Server Message Block network shares of the organization's devices on the webcam, Akira proceeded to launch its Linux encryptor without being detected by the EDR software, said researchers, who noted that the attack could have been prevented had the organization remediated the webcam's flaws.
Such findings indicate the pitfalls of EDRs and should prompt organizations to implement other security measures, including access restrictions for IoT devices.
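The access restrictions recommended above can be backed by a network-side check, since a device with no EDR agent is only visible through its traffic. The following is an added example, not taken from the S-RM report or BleepingComputer, that flags hosts in an IoT segment that initiate SMB sessions. The subnet, the flow-record format and the sample records are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: IoT devices (cameras etc.) sit in this dedicated subnet.
IOT_NETS = [ipaddress.ip_network("10.20.30.0/24")]
SMB_PORTS = {139, 445}

# Constructed flow records: src_ip,dst_ip,dst_port,bytes_sent
SAMPLE_FLOWS = """\
10.20.30.15,10.0.5.10,445,48210331
10.20.30.15,10.0.5.11,445,39104422
10.20.30.15,10.0.9.2,554,120443
10.0.7.44,10.0.5.10,445,88231
10.20.30.16,10.0.9.2,443,5120
10.20.30.15,10.0.5.10,445,1200345
"""

def is_iot(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a bad address
    return any(addr in net for net in IOT_NETS)

def iot_smb_clients(flow_csv):
    """Return {iot_src: {"targets": [...], "bytes": total}} for every
    IoT-segment host that initiated an SMB connection."""
    hits = defaultdict(lambda: {"targets": set(), "bytes": 0})
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 4:
            continue  # skip malformed records rather than abort
        src, dst, port, sent = row
        try:
            if int(port) in SMB_PORTS and is_iot(src):
                hits[src]["targets"].add(dst)
                hits[src]["bytes"] += int(sent)
        except ValueError:
            continue  # non-numeric port/bytes or unparsable address
    return {s: {"targets": sorted(v["targets"]), "bytes": v["bytes"]}
            for s, v in hits.items()}

if __name__ == "__main__":
    for src, info in iot_smb_clients(SAMPLE_FLOWS).items():
        print(f"ALERT {src} -> SMB on {info['targets']} "
              f"({info['bytes']} bytes sent)")
```

A camera has no routine reason to act as an SMB client, so any hit from the IoT segment is worth an alert, and the same rule expressed as a firewall deny between that segment and file servers enforces the restriction.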