The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network.
Pierluigi Paganini reports:
Cybersecurity researchers at the S-RM team discovered a novel attack technique used by the Akira ransomware gang. The ransomware group used an unsecured webcam to encrypt systems within a target’s network, bypassing Endpoint Detection and Response (EDR).
The researchers observed that the Akira ransomware was initially blocked by the EDR installed on the victim’s systems, which identified and quarantined the ransomware binary, preventing its deployment across the victim’s network.
The Akira ransomware group gained access to the network via a remote access tool, using AnyDesk for persistence and exfiltrating data. The attacker then moved via RDP to a server and attempted to deploy ransomware as a password-protected zip file, but the victim’s EDR tool blocked it.
Read more at Security Affairs.