This, I believe, is quite clever. The Akira ransomware group was determined to get their wares onto a network, so when the EDR software blocked them, they decided to go after the next best thing: the web camera.
We know from this blog that the web camera field is open to many different types of vulnerabilities, so this should probably be no surprise to those that read this blog.
After they got into the network through an exposed access solution, they deployed the legitimate tool AnyDesk and then moved through the network to deploy their wares.
After that attempt failed thanks to the victim's EDR solution, they spotted the aforementioned web camera and deployed the ransomware that way.
The name of the web cam is unknown, but we know that most manufacturers of web cams don’t make updates available. If they do, it is not known, as the camera never phones home to ask for updates.
There is plenty more to learn from SRM, the company that assisted the company that was targeted, so please check the full article out.
The article is titled "Ransomware gang encrypted network from a webcam to bypass EDR" if this interests you.
Something tells me that we will see more of this in the future, but we’ll see about this. What are your thoughts? Sound off in the comments or through our contact page on the blog or main web site.
Thanks for reading!