Axis Issues Response to Cyber Attack on Internal Directory Services

Despite indications that internal directory services were compromised, Axis says no customer information was found to be affected in any way.

LUND, Sweden — Axis Communications has released a post mortem following a cyber attack it suffered Feb. 19-20.

According to the company, the attackers were able to sign in as a user by employing several combinations of social engineering, despite protective mechanisms such as multifactor authentication.

Once inside, the attackers used advanced methods to elevate their access and eventually gain access to directory services. No servers were found to be encrypted, but the company did find malware and indications that internal directory services were compromised.

No customer information was found to be affected in any way, and Axis says that, in total, it found limited signs of damaging consequences “aside of the general embarrassment and productivity loss.”

Axis’ threat detection systems alerted incident staff to unusual, suspicious behavior, and investigations began early Sunday morning. IT management decided to bring in external security experts, and eventually it was confirmed that hackers were active inside Axis networks.

The company then decided to disconnect all external connectivity immediately as a way of cutting the intruders off. This resulted in a loss of external services for Axis staff, such as inbound and outbound email. Partner services were also affected, with extranets being unavailable.

As of Feb. 27, most external-facing services are said to have been restored, with some still awaiting security clearance. Regarding internet-facing services, Axis currently operates in a restricted mode.

It says this will continue as long as the forensic investigation is ongoing and until the cleaning and restoration is completed. Restricted mode mainly affects the company’s internal work streams and has very limited effect on customers and partners. Axis says it expects the final parts of its customer facing services to be completely available within a few days.

The company adds that technical security mechanisms have been raised in general across the board to limit the risk of any similar future event and it will provide more information if its “ongoing investigation uncovers events of further relevance.”

You can read the full release here.
