Camera off: Akira deploys ransomware via webcam
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
Akira, a prominent ransomware group, accounted for 15% of incidents in 2024, showcasing novel evasion techniques. In a recent attack, Akira circumvented an Endpoint Detection and Response (EDR) tool by compromising an unsecured webcam to deploy ransomware. After initial detection, the group pivoted to exploit IoT devices, particularly a vulnerable webcam running Linux. This allowed them to execute their Linux ransomware variant without EDR interference. The incident highlights the importance of comprehensive security measures, including IoT device monitoring, network segmentation, and regular audits. Key takeaways include prioritizing patch management for all devices, adapting to evolving threat actor tactics, and ensuring proper EDR implementation.
OPENCTI LABELS :
ransomware, remote access, iot, anydesk, edr evasion, network segmentation, akira ransomware, webcam, smb protocol