Akira Ransomware Uses Webcam to Bypass EDR

March 7, 2025

The Akira ransomware gang used a highly unorthodox method to circumvent Endpoint Detection and Response (EDR) security measures. The threat actors first gained access to the victim’s network through an exposed remote access solution, likely using stolen credentials or brute-forced passwords. Once inside, they deployed AnyDesk, a legitimate remote access tool, to gain further access to sensitive data. That data was later used for double extortion: the attackers threatened to release the stolen information unless a ransom was paid. Moving laterally over Remote Desktop Protocol (RDP), Akira expanded its presence across multiple systems within the company and prepared to deploy ransomware onto the victim’s devices.

When Akira attempted to drop the ransomware payload in the form of a password-protected ZIP file, the victim’s EDR tool detected and quarantined the payload, successfully blocking the attack.

Undeterred, the attackers began to search for alternative devices that could be leveraged for encryption. During this search, they discovered a webcam and a fingerprint scanner within the network. The webcam, running a Linux-based operating system, was found to be particularly vulnerable as it lacked any EDR software and was not being monitored by the victim’s security team. This made it an ideal device for the attackers to exploit and mount network shares from other devices on the victim’s network.

Once the attackers gained access to the webcam, they used it to mount Windows SMB network shares from other devices on the network, enabling them to carry out the encryption process.

Because the webcam’s Linux operating system was compatible with Akira’s Linux encryptor, the attackers were able to bypass the victim’s EDR system and encrypt files across the network. The encryption went unnoticed because the webcam, being an Internet of Things (IoT) device, was not subject to the same level of scrutiny as the victim’s primary network systems. The increase in malicious Server Message Block (SMB) traffic originating from the webcam went undetected, and the victim’s security team was unaware of the attack until it was too late.
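The SMB traffic described above is detectable at the network layer even when the device itself runs no EDR agent. The following is an added example, not part of the original article or of S-RM's report: it scans flow records for IoT devices acting as SMB clients and escalates when one device reaches several file servers. The IoT subnet, the flow record format and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (constructed for this example): IoT devices sit in 10.20.30.0/24,
# and flow records are exported as "epoch src dst dst_port bytes" text lines.
IOT_NETWORKS = [ipaddress.ip_network("10.20.30.0/24")]
SMB_PORTS = {139, 445}

SAMPLE_FLOWS = """\
1741300000 10.20.30.15 10.0.5.10 445 52428800
1741300060 10.20.30.15 10.0.5.11 445 73400320
1741300120 10.20.30.15 10.0.5.12 445 41943040
1741300130 10.0.7.22 10.0.5.10 445 1048576
1741300140 10.20.30.40 203.0.113.5 443 2048
garbled line
1741300200 10.20.30.41 10.0.5.10 445 4096
"""

def parse_flow(line):
    """Return (ts, src, dst, port, bytes), or None for a malformed record."""
    try:
        ts, src, dst, port, nbytes = line.split()
        return (int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(port), int(nbytes))
    except ValueError:
        return None

def is_iot(addr):
    return any(addr in net for net in IOT_NETWORKS)

def iot_smb_alerts(flow_text, fanout_threshold=3):
    """Flag IoT sources acting as SMB clients; escalate on fan-out to many servers."""
    stats = defaultdict(lambda: {"servers": set(), "bytes": 0})
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue  # skip malformed records instead of aborting the scan
        _, src, dst, port, nbytes = rec
        # A camera or badge reader has no business opening SMB sessions.
        if port in SMB_PORTS and is_iot(src):
            stats[str(src)]["servers"].add(str(dst))
            stats[str(src)]["bytes"] += nbytes
    alerts = []
    for src, s in sorted(stats.items()):
        severity = "high" if len(s["servers"]) >= fanout_threshold else "medium"
        alerts.append({"src": src, "servers": len(s["servers"]),
                       "bytes": s["bytes"], "severity": severity})
    return alerts
```

In practice the same rule is usually enforced as a firewall or VLAN policy that blocks IoT-to-server SMB outright, with this kind of flow check as the detection backstop.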

S-RM, the cybersecurity firm investigating the incident, explained that the flaws in the webcam could have been mitigated if patches were applied. The attack highlights the limitations of relying solely on EDR protection, as it can be circumvented if devices outside the primary security perimeter are exploited. The incident also serves as a reminder of the growing risks posed by IoT devices, which are often overlooked in security protocols and not closely monitored or updated. To reduce the risk of such attacks, organizations must isolate IoT devices from sensitive network areas, apply regular firmware updates, and adopt a multi-layered security strategy that extends beyond traditional EDR solutions to protect against sophisticated threats.

Reference:
  • Akira Ransomware Uses Unsecured Webcam to Bypass EDR and Launch Attack