On the night between Saturday February 19 and Sunday February 20 (CET), Axis was the subject of a cyber-attack, targeting internal systems. In order to protect customer-, partner-, supplier- and Axis-internal data, a decision was made to completely disconnect all Internet facing services. This was done with priority Sunday February 20. As a result, intruders were blocked from access. Starting in the morning of Sunday February 20, forensic work began in parallel with clearing activities to clean, restore and relaunch services.

The current status is a stable baseline for all key business processes and most important systems. Remaining systems will be made available step by step as soon as systems are cleared. Until then, Axis operates in a restricted mode to ensure security while completing the final stages of the clean-up.

The incident management process and forensic analysis

External security and forensic experts were contacted as soon as the intrusion was detected. Acting in close collaboration, a joint team of external forensic experts and Axis senior staff have led the work, ensuring that decisions and steps taken meet highly set goals for security, forensic conclusions and business continuity. The forensic analysis is now mostly finished. The extensive analysis has gone through very large amounts of data from our technical environment. Some comes from machines that proved to be affected by the intrusion, but the majority of our infrastructure was cleared without any traces of illegitimate activity. The initial findings from the Post Mortem still hold true. No third party data (such as customer-, partner- and supplier information) has been found to be affected. No product related software has been found to be affected. The forensic analysis concluded that the only information verified to have been exposed is Axis contact information including employee names and phone numbers. Additionally, cross referencing log files of different systems at the time period of the intrusion further supports that conclusion. Authorities have been notified about the known loss of personal data according to the European legislation GDPR.

What is known about the purpose of the attack?

There has been speculation about the purpose of the attack. The investigation provides no conclusive evidence since the choice to block internet connectivity seems to efficiently have stopped the intrusion before completion, mid-attack. No encrypted servers or clients pointing to a ransomware attack have been found.