Axis Issues Response to Cyber Attack on Internal Directory Services

LUND, Sweden — Axis Communications has released a post mortem following a cyber attack it suffered Feb. 19-20.

According to the company, the attackers were able to sign in as a user by employing several combinations of social engineering, despite protective mechanisms such as multifactor authentication.

Once inside, the attackers used advanced methods to elevate their access and eventually gain access to directory services. No servers were found to be encrypted, but the company did find malware and indications that internal directory services were compromised.

No customer information was found to be affected in any way and Axis says  in total, it found limited signs of damaging consequences “aside of the general embarrassment and productivity loss.”

Axis’ threat detection systems alerted incident staff of unusual, suspicious behavior, and investigations early Sunday morning. IT management decided to bring in external security experts and eventually it was confirmed that hackers were active inside Axis networks.

The company then decided to disconnect all external connectivity immediately as a way of cutting the intruders off. This resulted in a loss of external services for Axis staff, such as in- and outbound email. Partner services were also affected with axis.com and extranets being unavailable.

As of Feb. 27, most external facing services have said to have been restored with some still awaiting security clearance. Regarding Internet facing services, Axis currently operates in a restricted mode.

It says this will continue as long as the forensic investigation is ongoing and until the cleaning and restoration is completed. Restricted mode mainly affects the company’s internal work streams and has very limited effect on customers and partners. Axis says it expects the final parts of its customer facing services to be completely available within a few days.

The company adds that technical security mechanisms have been raised in general across the board to limit the risk of any similar future event and it will provide more information if its “ongoing investigation uncovers events of further relevance.”

You can read the full release here.

The post Axis Issues Response to Cyber Attack on Internal Directory Services appeared first on Security Sales & Integration.



from News Archives - Security Sales & Integration https://www.securitysales.com/emerging-tech/cybersecurity-tech/axis-cyber-attack-internal-services/
via IFTTT

Comments

Post a Comment

Popular posts from this blog

Total Tech Summit Puts Call Out for Top Integrators to Apply Now

Image
FRAMINGHAM, Mass. — Total Tech Summit announces that applications are now being accepted to attend this year’s event. Comprised of the  SSI Summit, CE Pro Summit and Commercial Integrator Summit, this year’s event will take place in Las Vegas at the MGM Grand Hotel and Casino, Nov. 13-15. At this all-expense-paid, exclusive event, VIP guests will have the chance to sit in on industry-defining sessions, key boardroom presentations, and be able to meet one-on-one with potential vendors. Total Tech Summit brings together the best in class to share ideas, learn from others, and most importantly, accelerating the next stage of their businesses. It is the only event of its kind that bridges channels and connections by bringing together professional security, commercial AV and residential AV integrators. Another perk of the Total Tech Summit is the VIP Peer-to-Peer groups. These group conversations take place throughout the months leading up to the event and are guided by the editors of t
Read more

Top 10 Security Stories From October 2021: China Ban Gains Steam, Vivint Countersues ADT

October saw its fair share of legal issues and acquisitions. This month, lawsuits involved home security companies, a gunshot detection provider and even a media company. Vivint Smart Home is seeking retribution for the lawsuit ADT filed against it last year that alleged Vivint salespeople go to ADT customers’ homes, get them to sign Vivint contracts and install the company’s alarm systems in their homes under false pretenses. Vivint had requested a motion to have that lawsuit dismissed, but when the judge denied the motion, Vivint launched a countersuit claiming it is in fact ADT that is deceiving and stealing its customers. Gunshot detection provider ShotSpotter filed a lawsuit against media company Vice, alleging it is profiting off of fabricated claims. Vice has been critical about ShotSpotter’s technology in a multitude of articles. Though not a lawsuit, Dahua and Hikvision continue to feel pressure from the U.S. government as it considers a new measure that would make it imp
Read more

Minnesota AG Calls for Cancellation of Home Security Contracts for Alleged Fraud

STEARNS COUNTY, Minn. — Bring Me the News reports that Minnesota’s Attorney General, Keith Ellison, says he’s gotten consumers in Stearns County out of home security contracts after they were misled by a door-to-door salesman. According to the report, Ellison’s office announced that home security companies Skyline Security Management and Safe Home Security have agreed to their cancel contracts with customers in and around Stearns County who purchased their systems from door-to-door salesman Gary Harvey. “Door-to-door salesmen and their employers are in the business of trust-building,” Ellison said in a statement. “They know they need to have your trust to sell you their products, particularly expensive products like security systems that are supposed to keep your home safe. When that trust is betrayed, it’s emotionally and financially painful. I appreciate Skyline and Safe Home taking the right step in canceling these contracts while my office does what we can under the law to hold M
Read more