Executive *******
*** ********* **** **** Avrio ******** ********** ** ****, Cradlepoint *** *******.
Source *********
*** ********* (*, *) ******* *** ******** purchased ** *** *** to ******* * ******** CCTV ****** ** ****: (1)**** ******** *********** (*)**** *** ************. *** ***** ********, which ******** *** ******** price ********* *** ******** of ** "******* **** Camera ******** ******* ******* Surveillance ******" (*****) *** the ******, ****** *** component *********.

***** **********
*** ******* *** * product ** ***** *** Group. ***** *** ** IP ***** *** ******* in ******, **. ***** the ********** ** ***** cameras, Avrio *** ***** ******** by *******.
***** *******

*****'* ******* *** ******** at ************** **** ****** to ****** ****** ******* and ********* **** ***** areas. *******'* ***** ** configured **** ********* ******** to **** ******** ************, at *** **** ***** listed ****, ********, *******, OnSSI, *** **** ** some ** ***** ********.
MPD ******* *************
******* *********** *** ******** ********* *** ******** ********* being **** ** *** Polecams deployed ** *** ***. The ******* ********** ********:
*** *********** ****** ********* that ***** ******* **** using ******** ************** *** video ******. *******, *** it *** ********** *** how * ****** *** able ** ****** *** equipment ** *******.
Ransomware ******
** * ********** **** ******* ** the ****, *** ***'* *** said **** ********** *** found ** *** ********* (presumably ******* **-** *****). ********** ******** data ****** ** * machine ***** *** **** pays *** **** ** receive * ********** *** to ******* *** **** to ** *********** ******. It ** *** *** known *** ****** ** the **-**'* *** *********** to ***** ******* ** install *** **********.
Ongoing *************
** *** ********** ** investigate *** ******* ** the ****, ********* ************* with *** ************* ********, and **** ******* * separate ****** **** **** information ******* *********, ****** from **** ** **** other *******. ****** **** direct *********, ****** ******* us ** ****@****.*** ************* ***** **.
Comments (14)
Undisclosed #1
Can Hitachi shed more light on this as Avrio is part of them?
Marty Calhoun
Thank you for the story and we look forward to the final report.
It will be interesting to see how far or how deep the published results will be concerning GENETEC, AXIS or CRADLE POINT. Amazing that this apparent 'hack' has even made it to the news without blaming Chinese camera manufacturers.
Undisclosed #2
So it was a Windows machine after all!
That makes sense because that's the platform that ransomware overwhelmingly targets.
One scenario would be that a user PC was infected first through an ill-advised download. Once a client PC was infected, state-of-the-art ransomware has the capability to infect other PCs on the LAN based on credentials found on the infected PC.
Undisclosed Integrator #3
IPVM must have been so disappointed it wasn't Hikvision.
Paul King
So the hack occurred outside MPD's firewall? And also was it done wirelessly? Questions to ask, before sounding the alarm.
Samuel Rodgers
Sounds like they went in through the cell 4G modem to access the SV16... I am assuming each pole site has an SV16 connected to the 4G router to connect back to the main Genetec system, and a small switch connected to the cameras on a local network.
We have a similar setup, since we have a bunch of scattered buildings that connect back to the main system over the internet, with SV16s and Axis cameras. However, we do have a Cisco firewall appliance at each location to protect our SV16s, so that those are only reachable from within our own network. Without that, it would just be a Windows machine exposed to everything.
Matthew Netardus
Has there been any information released about how this first came to light, or how the infection started (was it a hack of the wireless system, through a camera, through the NVR's, or done with a physical attack on the hardware itself)?
Were any other DC systems compromised as a result of this or was it contained to just the edge based appliances?
Robert Shih
02/24/17 11:10pm
I think...and this may be a wild guess, this is a Windows vulnerability. Especially with the ransomware element and the fact that the Genetec appliance is Windows (and from 2013 probably 7 Pro [8 if they were stupid]) based...and knowing the overall mindset, they probably disabled updates so it was vulnerable.
In fact, chances are, most of the rest of the equipment probably isn't compromised. Just the NVR.