[BreachExchange] Swedish Security Solutions Provider Axis Hit by Cyberattack

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Feb 28 14:40:51 EST 2022


https://www.securityweek.com/swedish-security-solutions-provider-axis-hit-cyberattack

Axis Communications, a Sweden-based company whose network cameras and other
physical security solutions are used by government and private sector
organizations from around the world, was recently hit by a cyberattack that
disrupted its operations.

Axis informed customers about an “IT-related intrusion” on February 21, one
day after its cybersecurity systems detected the breach. Public-facing
services were shut down globally to limit potential impact.

In an update shared on Sunday, the company said the attack involved social
engineering and account takeovers, with the attackers managing to bypass
multi-factor authentication. The attackers also used “advanced methods” to
elevate their access and compromise internal directory services.

The company decided to shut down all network access globally, which
resulted in disruption to employee and partner services.

On its website, the Canon subsidiary says it has more than 3,800 employees
across over 50 countries and it reported sales of roughly $1.2 billion in
2020. This makes it a tempting target for profit-driven cybercriminals.

However, it’s still unclear if this was a ransomware or other type of
attack. The company said “no servers have been found to be encrypted,” but
it did confirm that malware was found.

“No customer information has been found to be affected in any way. In
total, we find limited signs of damaging consequences aside of the general
embarrassment and productivity loss as we clear services for production
step by step,” the company stated.

It’s worth noting that not all ransomware attacks involve file-encrypting
malware. In some cases, the attackers try to make a profit only by
threatening to leak or sell data stolen from the victim.

Axis said on Sunday that most of its external-facing services had been
restored, but the company will operate in a “restricted mode” until the
forensic investigation prompted by the incident has been completed.