As a result of hacking the infrastructure of Verkada, which supplies smart surveillance cameras with support for facial recognition, attackers gained full access to more than 150 thousand cameras used in companies such as Cloudflare, Tesla, OKTA, Equinox, as well as in many banks, prisons, and schools , police stations and hospitals.
Members of the hacker group APT 69420 Arson Cats mentioned that they had root access to devices on the internal network of CloudFlare, Tesla and Okta, and cited as evidence video recordings of images from cameras and screenshots with the results of executing typical commands in the shell. The attackers said that if they wanted, they could gain control of half the Internet in a week.
The Verkada hack was carried out through an unprotected system of one of the developers, directly connected to the global network. On this computer, the parameters of an administrator account with access rights to all elements of the network infrastructure were found. The rights obtained were sufficient to connect to client cameras and run shell commands on them with root rights.
Representatives of Cloudflare, which maintains one of the largest content delivery networks, confirmed that the attackers were able to gain access to Verkada surveillance cameras used to monitor corridors and entrance doors in some offices that have been closed for about a year. Immediately after identifying unauthorized access, Cloudflare disconnected all problematic cameras from office networks and conducted an audit that showed that customer data and workflows were not affected during the attack. For protection, Cloudflare uses a Zero Trust model, which involves isolating segments and ensuring that hacking of individual systems and suppliers will not lead to compromise of the entire company.
Source: opennet.ru