The Akira ransomware gang was recently discovered using an unsecured webcam to launch encryption attacks on a victim’s network. This method allowed them to bypass Endpoint Detection and Response (EDR) systems that were blocking the encryptor on Windows. The attackers moved laterally via RDP, accessed a webcam running a Linux OS, deposited encryption malware, and used SMB along with stolen AD credentials to mount file shares and encrypt data on a file server. This incident underscores the importance of network segmentation and the risks of having OT, IoT, and IT devices on the same network subnet.
Read the full article on BleepingComputer: Akira Ransomware Exploits Unsecured Webcam
You Should Know:
1. Network Segmentation Commands:
- Linux: Use `iptables` on the gateway or host to restrict which subnets may talk to it (allow the trusted subnet, drop everything else in the wider range):
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -j DROP
- Windows: Use PowerShell to configure firewall rules.
New-NetFirewallRule -DisplayName "Block Subnet" -Direction Inbound -LocalAddress 192.168.1.0/24 -Action Block
2. RDP Security:
- Disable RDP if not needed (on a Linux host running the xrdp service):
systemctl disable xrdp
- Restrict RDP access to specific IPs (the ACCEPT rule must precede the DROP rule):
iptables -A INPUT -p tcp --dport 3389 -s 192.168.1.100 -j ACCEPT
iptables -A INPUT -p tcp --dport 3389 -j DROP
3. SMB Security:
- Disable SMBv1 on Windows:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
- Use `smbclient` to enumerate the shares a host exposes, so you can confirm nothing unexpected is reachable:
smbclient -L //192.168.1.1 -U username
4. Webcam Security:
- Disable unused webcams on a Linux host by unloading the USB webcam driver:
sudo modprobe -r uvcvideo
- Block webcam access via firewall. As written, this rule drops all outbound HTTP from the host; add `-d <webcam-ip>` to limit it to the camera's management interface:
iptables -A OUTPUT -p tcp --dport 80 -j DROP
5. Endpoint Detection and Response (EDR):
- Use `chkrootkit` to scan for rootkits on Linux:
sudo chkrootkit
- Use Windows Defender to scan for malware:
Start-MpScan -ScanType FullScan
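The attack chain in the summary (RDP to a Linux camera, then SMB from the camera to a file server) is exactly the kind of cross-zone traffic that items 1 through 3 above are meant to prevent. The following script, an added example that is not code from the BleepingComputer article or from this post, shows how to check flow records against a simple zone policy and flag the IoT-to-IT connections that segmentation should never allow. The zone ranges, the port policy and the flow records are all constructed for illustration; replace them with your own zone definitions and your firewall or NetFlow export.

```python
"""Flow-log check for IoT-to-IT segmentation violations.

Added example, not part of the original post. Zone ranges, the port policy
and the sample flow records below are constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass

# Zone definitions (constructed): which subnet belongs to which zone.
ZONES = {
    "IT": ipaddress.ip_network("10.0.0.0/24"),
    "IoT": ipaddress.ip_network("192.168.1.0/24"),  # cameras, printers, etc.
    "OT": ipaddress.ip_network("172.16.0.0/24"),
}

# Segmentation policy (constructed): (src_zone, dst_zone) -> allowed TCP ports.
# Any pair not listed has no allowed ports. IoT and OT devices get no path
# into IT at all; IT may only reach IoT/OT management interfaces on HTTPS.
POLICY = {
    ("IT", "IT"): {445, 3389, 88, 389},
    ("IT", "IoT"): {443},
    ("IT", "OT"): {443},
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def zone_of(addr: str) -> str:
    """Return the zone name containing addr, or UNKNOWN if none matches."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "UNKNOWN"


def is_violation(flow: Flow) -> bool:
    """True when the flow's destination port is not allowed between its zones."""
    if flow.proto != "tcp":
        return False  # only TCP policy is modelled here
    allowed = POLICY.get((zone_of(flow.src), zone_of(flow.dst)), set())
    return flow.dport not in allowed


def parse_flow_line(line: str) -> Flow:
    """Parse one constructed 'src dst dport proto' record."""
    src, dst, dport, proto = line.split()
    return Flow(src, dst, int(dport), proto)


def scan_log(text: str) -> list:
    """Parse every non-empty line and return the flows that violate POLICY."""
    flows = [parse_flow_line(ln) for ln in text.splitlines() if ln.strip()]
    return [f for f in flows if is_violation(f)]


# Constructed flow records mirroring the chain described in the post:
# admin workstation -> file server RDP (allowed), admin -> camera RDP (not
# allowed), camera -> file server SMB and camera -> DC Kerberos (neither allowed).
SAMPLE_LOG = """\
10.0.0.15 10.0.0.20 3389 tcp
10.0.0.15 192.168.1.50 3389 tcp
10.0.0.15 192.168.1.50 443 tcp
192.168.1.50 10.0.0.20 445 tcp
192.168.1.50 10.0.0.5 88 tcp
10.0.0.15 10.0.0.20 445 tcp
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"VIOLATION {zone_of(f.src)}->{zone_of(f.dst)} "
              f"{f.src} -> {f.dst}:{f.dport}")
```

Running the script prints three violations: RDP from IT into the camera, and SMB and Kerberos from the camera into IT. The same policy table can be turned into the iptables or Windows firewall rules shown above; keeping the policy in one place and checking observed flows against it is how you notice when a device on the IoT subnet starts mounting file shares.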
What Undercode Says:
The Akira ransomware attack highlights the critical need for robust network segmentation and the separation of OT, IoT, and IT devices. By implementing strict firewall rules, disabling unnecessary services like RDP and SMBv1, and securing endpoints with EDR solutions, organizations can significantly reduce their attack surface. Regularly updating and patching systems, along with monitoring network traffic for unusual activity, are essential practices to mitigate such threats. Always remember, a layered security approach is key to defending against sophisticated ransomware attacks.
Reported By: Charlescrampton The – Hackers Feeds