Connect with us

Cyber Security

Axis Communications shares details on disruptive cyberattack

Published

on

Axis Communications has published a post mortem about a cyberattack that caused severe disruption in their systems, with some systems still partially offline.

The Swedish manufacturer of network cameras, access control systems, and surveillance network appliances suffered a cyberattack on Sunday, February 20, 2021, forcing it to shut down all systems to limit the impact.

Axis is a subsidiary of Canon that has an annual operating income of over $1.235 billion (2019 data), accommodating customers’ needs in a wide range of industries.

As such, taking down all external-facing services inevitably affected customers and partners, albeit limited, according to the vendor.

Mostly a business interruption

In the days following the network intrusion, the firm engaged with third-party experts to investigate the incident and gradually re-introduce critical services to its clients.

Yesterday, this investigation was completed, and the following results were reported:

No servers have been found to be encrypted, but we found malware and indications that internal directory services were compromised. No customer information has been found to be affected in any way. In total, we find limited signs of damaging consequences aside from the general embarrassment and productivity loss as we clear services for production step by step.

At this time, OS and application upgrades are still facing outages, while the Camera Station licensing system is also unavailable.

Axis Communication service status
Axis Communication service status (Axis)

Based on the investigation findings, the network intruders used social engineering to take over an employee’s account and enter the system without raising any alarms.

Axis underlines they have now implemented additional mechanisms to reduce the chances of a human error having a significant impact on its security stance.

No software flaws this time

While Axis Communications declares embarrassment from this incident, no software-level flaws were involved in the network breach.

In October 2021, Nozomi Networks published the details of three vulnerabilities affecting Axis OS that impacted the entire product line of the Swedish firm.

Being a cybersecurity-focused company, Axis patched the flaws via a security update released within a week from their discovery.

As such, the fact that OS updates are temporarily out shouldn’t be an issue if you have applied Axis OS updates after October 2021.

Source: https://www.bleepingcomputer.com/news/security/axis-communications-shares-details-on-disruptive-cyberattack/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO