
A series of recent reports has highlighted web and IP cameras as key enablers of devastating cyberattacks, acting as springboards for hackers to deploy malware.
A ransomware gang gained initial access and deployed its tools, but it hit a wall when an antivirus solution quarantined its files. Fortunately, it found a webcam on a network.
Akira ransomware, which accounts for around 15% of incidents, compromised the webcam and used it to circumvent the Endpoint Detection and Response (EDR), a report by the S-RM team found.
“The EDR tool identified and quarantined the ransomware binary, which inhibited Akira’s ability to deploy the malicious code across the victim’s environment. Not to be deterred, the threat actor then conducted a network scan and identified an unsecured webcam on the same network,” last week’s report read.
Hackers scanned the network during the initial stages of the attack and found several IoT (Internet of Things) devices, such as a fingerprint scanner and a vulnerable webcam.
The webcam’s critical flaws enabled remote code execution and unauthorized remote viewing. The device was running a lightweight Linux operating system without any antivirus software. Akira used it to deploy a Linux ransomware variant and encrypt files across the victim’s network.
The webcam was not being monitored, and the security team was unaware of the increase in malicious Server Message Block (SMB) traffic from the webcam to the impacted server.
Another warning comes from CISA, the US Cybersecurity and Infrastructure Security Agency, which found that hackers are actively exploiting a critical flaw within Edimax IC-7100 IP cameras.
The vulnerability allows remote command execution with relatively low complexity, and public exploits are also available. Several botnets have already abused the flaw. However, the Taiwanese company did not respond to CISA’s requests to coordinate on the vulnerability.
The agency is urging the minimization of network exposure for all control system devices and systems, putting them behind firewalls and isolating them from core business networks.
The recent reports follow multiple other warnings by the US authorities. In February, the US Department of Homeland Security (DHS) warned about the potential threats posed by internet-connected cameras produced in the People's Republic of China (PRC).
State-level threat actors are able to access these cameras, which “probably enables Beijing to conduct espionage or disrupt US critical infrastructure.”
“These devices typically lack data encryption and security settings and have default settings to communicate with their manufacturers,” the DHS said.
“There are tens of thousands of PRC-made cameras on the networks of US critical infrastructure entities – including within the chemical and energy sectors – some of which are connected to operational technology (OT) networks.”
The FBI also issued a warning at the end of last year about malicious campaigns hacking Chinese-branded IoT devices, such as web cameras and DVRs, deploying remote access trojans (RATs), such as HiatusRAT, and launching DDoS attacks.
“Malicious cyber actors commonly use RATs to take over and control a targeted device from a distance,” the FBI said.
S-RM warns that IoT devices frequently escape rigorous security audits and retain default passwords and outdated software, offering threat actors potential pivot points in supposedly secure environments.
The researchers recommend placing IoT devices on a segmented network that cannot be accessed from servers or user workstations. Regular patching with the most recent updates, using complex credentials, traffic monitoring, and audits also help protect against hackers.
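The monitoring gap described above (SMB traffic from a webcam to a server that nobody was watching) and the segmentation the researchers recommend can both be checked against flow records. The following is an added example, not code from S-RM or the article; the IoT and server address ranges and the flow records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed addressing for this example: IoT devices live in 10.10.50.0/24,
# servers in 10.10.10.0/24. Adjust to your own segmentation plan.
IOT_NET = ipaddress.ip_network("10.10.50.0/24")
SERVER_NET = ipaddress.ip_network("10.10.10.0/24")
SMB_PORTS = {445, 139}

# Constructed sample flow records: (src_ip, dst_ip, dst_port, bytes).
SAMPLE_FLOWS = [
    ("10.10.50.21", "10.10.50.1", 123, 76),          # webcam NTP, benign
    ("10.10.50.21", "203.0.113.9", 443, 5120),       # webcam to vendor cloud, expected
    ("10.10.20.5", "10.10.10.3", 445, 40960),        # workstation to file server, normal
    ("10.10.50.21", "10.10.10.3", 445, 9_800_000),   # webcam -> server over SMB
    ("10.10.50.21", "10.10.10.4", 445, 7_500_000),   # webcam -> second server over SMB
    ("10.10.50.33", "10.10.10.3", 139, 2048),        # fingerprint scanner touching SMB
]

def smb_from_iot(flows, iot_net=IOT_NET, smb_ports=SMB_PORTS):
    """Flows where a host in the IoT segment initiates SMB to anywhere.
    A camera or badge reader has no business reason to speak SMB, so any
    hit is worth an alert regardless of byte count."""
    return [f for f in flows
            if ipaddress.ip_address(f[0]) in iot_net and f[2] in smb_ports]

def iot_smb_volume_by_source(flows):
    """Total SMB bytes per IoT source, so a surge against a near-zero
    baseline (as when a webcam starts encrypting shares) stands out."""
    totals = Counter()
    for src, _dst, _port, nbytes in smb_from_iot(flows):
        totals[src] += nbytes
    return dict(totals)

def segmentation_violations(flows, iot_net=IOT_NET, server_net=SERVER_NET):
    """Any IoT -> server flow on any port means the recommended
    segmentation is not actually enforced."""
    return [f for f in flows
            if ipaddress.ip_address(f[0]) in iot_net
            and ipaddress.ip_address(f[1]) in server_net]

if __name__ == "__main__":
    for f in smb_from_iot(SAMPLE_FLOWS):
        print("ALERT iot-smb", f)
    print("bytes per IoT source:", iot_smb_volume_by_source(SAMPLE_FLOWS))
    print("segmentation violations:", len(segmentation_violations(SAMPLE_FLOWS)))
```

In production the same checks would run over NetFlow/IPFIX or firewall logs rather than an inline list, with the IoT and server ranges taken from your asset inventory.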
“Keep IoT devices switched off when they are not in use,” S-RM said.