A group of cybercriminals managed to bypass a company's protections by using a webcam with a critical vulnerability. The worst part is that the incident could have been avoided.
When we tell you that to avoid cyberattacks, you need to update your devices, software and applications, we're not just talking empty words. A flaw in a Wi-Fi driver is enough to threaten billions of computers, for example. The company in question here should have applied this advice that has been repeated over and over again. It all starts when it becomes the target of the Akira gang, a group of dangerous cybercriminals using ransomware. They steal data, encrypt it to make it inaccessible and then demand a ransom.
The hackers first obtained credentials to the company's remote access system, either by finding the password themselves or by buying it on the Dark Web. They then stole the data and then extended their presence as much as possible in the hacked network.
Finally comes the last phase of the attack: sending the ransomware which will encrypt the documents. It hides in a .zip archive protected by a password. Except that the firm's EDF (Endpoint detection and response) detects it and blocks it. To summarize roughly, an EDF system is a more efficient antivirus. Akira members have to find something else.
Hackers break into a protected company's network through a webcam
As they scan the network, they come across two potential entry points, a fingerprint reader and a webcam. The hackers set their sights on the latter because it has a major flaw and runs on a version of Linux compatible with Akira's ransomware. Their actions go completely unnoticed since the accessory is not monitored at all by the company's EDF.
Read also – This cyberattack makes your screen pixels sing to steal your personal data
The gang succeeds in their coup and encrypts all the data. The story does not say what happens next. On the other hand, the security experts at S-RM are categorical on one point: there was a patch for the webcam that corrected the exploited vulnerability. As we said at the beginning of this story, update update your devices.
Source: Bleeping Computer
0 Comments