Axis Postmortem And Answers on Cyberattack

By John Honovich, Published Feb 28, 2022, 09:25am EST (Info+)

After a cyberattack resulted in many Axis services being offline for a week, Axis has published a postmortem plus answered 7 questions from IPVM about the attack.

IPVM Image

In this note, we examine Axis postmortem, their responses to IPVM, and contrast it to the 2021 Verkada hack.

UPDATE: ******** ********

**** *** ******** *********** ********, ******* ****(****-**-** **:**). **** **** **** **** staff ******* *********** *** *******. **** report **** "*** ******** ************* ***** no *********** **** *** ********-, *******-, supplier-, ******* **** ** ****** **** was ********." **** ******** *** ******** in ********** **** ****.

**** ****** **** ******** ******** *** forensic ******* ** ******** *** ****** before *** *** **** *** ********. Therefore, ********-******* ******** **** ****. ***** services ******** **** *** **** ** that ******** ******** ***** ** **** for ******* ***** **** ****** ********* analysis.

**** *** *** ******** *** ******* of *** ******, ** **** **** down ******* ****** ** ***** ** determined. **** ******, "*** ************* ******** no ********** ******** ***** *** ****** to ***** ******** ************ ***** ** efficiently **** ******* *** ********* ****** completion, ***-******."

**** *** **** ** ****** *** threat ***** ******** ****: "******** *******, providing ********* **** ****** ******* ************, has **** ******* **********, ******** *** eradicated. ** ****** ** ********** ** other ******* ******* ******* *** **** found."

** *** *********** ******* ********* **** will **** *******.

IPVM Image

**********

************* ** ****** ** **** ****** page*** ******** ********* **** ** **.

IPVM Image

Social ***********

****** *********** *** **** ****** **** emphasized **** *** "******* ********** ********** such ** *********** **************" ***** *******.

********

"**** ****** ********* ******* ******* ******** "

** **** ******* ****** *** ***** of *** ****** *** ** ***** start *** ************* ****** * ****** of ***** ** ***** *******

No ****** *****

**** **** **** *** ****** ** the ******* ** ******* ** ****:

*** ******** ******* *** *** ****** is *******. ** **** **** ** stop *** ****** ** *** ***** stages ****** *** ***** ****** *** known. ** ********* ******* **** **** found ** ***.

*** ********* ****** **** ***** ******* to * ****** ******** ** **********.

Not ********** / ** *******

**** *** **** **** **** ** knowledge **** **** ** ********** *** that "** *****’* *** *** ******* with *** *********."

Country / ****** ** ********* ***********

** ***** **** **** **** ***** the *********, *.*., **** ******* **** were **** *** **** ******** ** share *** ***********, "*** ******** *******, we **** *** ******** ******* ********* the ****** ** *** ******."

Risks **** ****** ** *** ***

*** **** ******** ** ******* *** same **** ****** ******* *******, ***** has ****** **** ** ********* **** Russia *** ****** ****. *******, ** do *** **** ** **** *** simply ************.

**** ** **** ** **** ** attacks **** *** *** ***** **** video ************ ** ** ****** **** in ******** ************** ** *** ** and ***.

No ******** ** ******* ****

***** **** **** ** *** ********** that ** ******** **** *** ********, they ***** **** ** "******* ******* data" ** ******** ** * ******** from **** ***** **** ****** **** being ********:

** *** ** *** ************* *** shown ** ***, ** ****** *** attack ***** *** ******* ** **** it ****** *** ***** ****** *** done. ** ****no *********** that customer ** ******* ******* **** *** **** ******** in any way.

Shut ****, *** ***** ****

**** ********** **** **** **** **** their ******* *** **** *** ***** down, ****** ** **** *** *** shut **** ***** ******* **** ***** have ****** ***** ***** **** ** other ********* ********.

**** **** **** **** **** **** down ******* **** **** ***** ****** to *** **** **** ********:

** ***** ** **** ** ******* attack *******, *** ******** ** **** down ******** ******* ****** **** ******** systems **** **** ***** ****** ** be *********** **** *** **********. ** the ******, ** *** ******* ** securely ** ***** *** ******* *** production *****. ******** ***** ********* ***** time **** ** **** ******* ****** technically **********. ********* ** * ****** way ******* *** ******* ********.

Push ************* ******

*** ******* ** ****'* ******** ** take **** ***** ******* *** * lack ** ************ ** *********, ********* in *********** ********* ****** *** ***** 2 **** ***** **** *** *********. We ***** **** "**** *********** ** customers ** **** ** ********* ** some **** ** **** ************* *** outages" *** **** *********:

***. ** ***** ************ *** ******* our ******** *** *** ********* ******** in ***** *** **** ** **** educated ********* ***** ***** ***********.

Verkada **********

**** ** *** ******* ****** ************'* **** * **** ***. **** ******** **** ***** **** Verkada:

  • ******* *** * ***** ***** ******** that *** ******* ********.
  • ******* *** *** **** *********** ************** enabled *** ****.
  • *** ** *******'* ******* **** ******* as *** ******** ***** ******** ******* to ********'* *******.

******* **** * ****** ** ********* errors **** ****** ****.

** ********, ***** ** ** ********** Axis **** **** ********, **** ******** are ***** **** ****:

  • *** ******* ****** *** ***** ** to ***** * ***** ***** ********** and ******** ********* *** **** **** and *** ******* ****. *** **** hackers *** ******* *** ******** **** Axis ** ******* ***** ***** ********, it ****** ** * **** ******* attacker *** *** **** ** ** being *****-*********. ********, *** **** *** attacker **** ** ******* ***** ** less ****** **** **** ******** ******** to **** ***** *** **** ****** they ****** ********* ******** **** ****.
  • *** **** ****** **** ** *** roughly * ****. ***** **** * small ********** ** **** ********* *** Axis ***** ********, **** ***** ** likely ** ** * *********** ****** of ********* ***** **** ****.
  • **** ** * **** ******** **** critical ************** ***** ************ ********, ** any ****** ***** ** ************* **** of * **** **** *** ******* companies **** *** **** ******** **** in *** **********.

Shutting **** ******

*** ******* ******* ** *** **** disconnected *** ******* ****** ** ** increased ************** *** ****** ********* ******** problems.

*******, ****** **********"**** *** ******** ********* ******* ***********":

Stop ********** **** ****. Take all affected equipment offline immediately — but don’t turn any machines off until the forensic experts arrive.

** ** ************ ******** **** ******* ********** ******* (****** ***** **** says ** ********** **** **** ***). They ********* "****** *** ******* *********** offline" "** *** ****** *****" ****** "it *** *** ** ******** ** disconnect ********** ******* ****** ** ********":

IPVM Image

Comments (17)

****.*** ***** ***** ** **** **** issues.

**** **** ** *** ******* *** some ***** *** ******.

*** ********* ** ****.*** **** ***.****.***

Agree: 4
Disagree
Informative: 4
Unhelpful
Funny

* **** ******** ***** *** *** version ** ***** *******, *** **** is ** ******* ***** ** *** them ** ****** **** ** *** old ***...***

Agree: 2
Disagree
Informative
Unhelpful
Funny: 12

* **** * ***** ** **** but **'* ******** **** *** ***** used ** *** ****** ************ **** axis.com ** ***.****.*** *** ** **** mitigate **, **** ******** ******* *** DNS ********** ** *** ****** ****.

Agree
Disagree
Informative: 1
Unhelpful
Funny

*** ******** *** ***** ** ********** all ******** ************ *********** ** * way ** ******* *** ********* ***.

**** *** * **** ******* *******, but **** **** *********. ** **** had *** **** ****, ****** ***** have ****** **** ***, ** ********* could **** ***** ******** ****** *** moving ****** ***** ********** (******** **** were).

*** ** **** ********* *** "***". Typically, *** ******* ******** *******. ** the ****, **** **** ** *** bad, *** *** **** *** *** it *** ***, ** **** *** to ******************* *********** ********. ** ******* ************** pointed ***, ******** **** ******** *** not *** *******. *** *** ********* did ****** ********* ********, ***** *** incredible ***** ****** *** *******. *** the ******** **** *** ****** ** less *******, ****** ***** **** **** downhill.

******** **** *** ******** ** ***** and ******* *** ******** ********** ***** immediately **** *** ********* ** ******* and ********* ****** **** ** ****** operational ******.

***** *** ******* ****** *****"****** **** *****". **** *** ******, ******** ******* the ********, ********* *** ********* ******, and ******* **** ******. *** ** reinforce *** ********** ** ****** *******.

****, ******* ** ***** ********* *** identifying **** ********. ** *** ***'* log, *** *** *** **** ** able ** *** **** *** ******** compromised, *** ***** ****** ** ********** who **** **** *** **** **** were ****** ** **.

***** ******* ************ ** ****** ***********, attackers **** **** ** **** ** as * **** ******* ********** ********** such ** *********** **************.

****** **** ****** ** *** ******* link ** ********. ******. *** *** buy * ****** ********, * ******* IDS/IPS, *********/******** **********, ******* ****** ********* and ***, *** *** ***'* *** around ****** ***** ********* **** **** to ****** *** ******. *** ** you **** ******, *** *** ***** to **** ** **** **** ****** engineering.

---

* ***** **** ***** ** *** them ****** ********** ** * ****** site ****** * *** ** **, to ******** *********. **'* ******** **** the ************** ** *** ****** ***** that *** ****** ***** *** ******** been ******* ****. *** ****** **** could **** ****** **** **. ** you *********** **** ****** **** ****** or *****, **'* ******** **** ***** Sunday ******* *** *** ***** ** the **** **** ** ********* **** backup ***** **** **********. ********* **** will *** **** ** ** *********** to ******** ***** ******** ********** ***** so **** **** *** ****** **** if **** *** ** ****** **** this ** *** ******.

Agree: 6
Disagree
Informative: 9
Unhelpful
Funny

******* ** *** *** ******* ****, SMS ** **** ******** *** ** is *****. **** ****** *** * bad **** ***, *** **** ** use ***** **** ******, *** ******** supports ***** *** **** **** **** out *** ***** ***.

** ******** *** ** ******** *** token, ** ******** ** **** ******** or ***** *** *** **** ** physically ***** *** ****** ** ******** so ** ****** ** ******** *********.

Agree
Disagree
Informative
Unhelpful
Funny

**** ********* ** *** *** *** Microsoft ************* *** ***. *** **** about *** **** ** *** *****.

Agree
Disagree
Informative: 1
Unhelpful
Funny

**** **** ***** ****, *********, *** and ***** ***** *** ***** ** used ** ******** *** **** ** these ********. *** ** *** *** just ******* ******* ****** *** ** not *********. ** ******* ***** *** how *** ** *********** *** ******* or *** *** ** ****** ** exclusive ** *** **** *** ***** or ***** ********.

***** *** ***** ****** *** *** best *** ** ****** ******** *** the ******** **** ** ***** ****** it ** **'* ********* (******** *** token, ***. *** *** **** ***) and *** *** ** ****** **** and *** **** ***** ** **** point ** *** **** ***** ******* you **** **** ******, *** **** do **** ******** ***** ** ******* too.

**** ** **** *** **** ** these ************* ****. ******* ***** ***** tokens *** *** ** ************* *** which ******** *** *** * ****** to *** (*** ** ***-* ** Apple *********).

***** ** ******* **** ***** ***** this ***** * ***:

********* *************: * ***** ***** ** Security? - ******** ******** ****

** ***** **** **** **'* *** site *** ********, *** ***** *** the **************.

Agree: 1
Disagree
Informative
Unhelpful
Funny

* **** **** ****** ** ****** an *** ********* **** ** ********* 4. ********** ******** ** ** **** up *** ******* ** * **** out ** *** **** *****. **** to **** *** *** *** ********* have ******** **** **** ** ******** to *** ** *** *** ****. I **** ***** ** ******* *** firmware *** ********** *** ** *** functions ***** **** ** ******** ******** and ****** ** ********** **** *** site. ** ****** *** ****** ** the *.**.*.* ******** **** **** *** send ** ***** ** ******* ***********. Customers **** ** **** ***** * can *** **** ****.

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny

** **** ** **** ** *******, but *** ******** ****** ** ***********:

****** ******** ******** ******* ********** ***** suspected ***** ******

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny

********** ****** ** ***** *** ********* to ** **** ****.

Agree: 4
Disagree
Informative: 1
Unhelpful
Funny

** ** ** *********** **** ** coincided **** *** ******* ********. ******* soldiers **** **** ****** ** ***** shooting *** ******** ******* *** **** was ****** **** ******* ****** ** help ****.

**********, ****** *** *** ***** **** for ****** ***** ***.

Agree: 3
Disagree
Informative
Unhelpful
Funny

**** *** **** ***** **** ****:

** *** ***** ******* ********, ******** 19 *** ******, ******** **, **** was *** ******* ** * ***** attack. ** ***** **** ** ***** more *********** ***** **** ******** **** you.

What *** ********?

**** ****** ********* ******* ********** ********** behavior ** *** ******** *** ********** to ********** *** ******* *** ********. Details *** ** ***** ** * post-incident ****** ********.****.***.

How *** **** *******?

** ***** ** **** *** ****** quickly, **** ************ ****** *** ******* to ******* *** ********, ********* *** their ****. ** **** **** ******** services *** **** *****, **** ** in- *** ******** *****. ******* ******** were **** ******** ********.****** ********* ***** ***********.

How *** ** ****** **** *** *** *********?

***** ******** ****** *** *********** *********, Axis ***** ********* ******** ** * pace ******** ** ******** ******** ***** our ******* ********. *** ***** ********-****** services **** **** ********* ****** *******. Gradually ** *** **** *****, **** external ******** **** *******, *** *** majority *** *** ********* *****.

** *****, ** **** ******* ***** of ******** ************, *** ** *** able ** *******:

• ** ******** **** ** *********** was ***********.

• ** ************* *******, ********/******** ** development, ** ********/******** ********* *** ******** were ********. *** *** *** ******** development ********.

• ********* *** **** ******** ** installed **** ********* **** ** **** Camera ******* **** *** *********** ** the ******, ****** ******** **** **** Secure ****** ****** **** ****** *** as * **********.

• *** ****** ********** *** ****** chain ******** ******* ********** ******* *** entire ******.

What ** *** ****** ** **** ****** ******* ******* ******?

*** ******* ****** ** **** ****** for *********** ******** ******* **** ** normal. **** ****** ******* ************** *** activate ******** *** *** ****** *** through **** *-****** *******. *** ********* awaiting ****** ** ******* ****, ** are ********* ** *** **** ****** back ****** ** ** **** ** accept *** ****** *** ********.

Why **** ******** **** **** *** ***** **** ****? **** ** *** ****** ***?

*** *** ******** ** *** *********, our **** ****** ** ****** *** to ** **** ****** **** ***** ensuring ****** *** *********** *********. **** currently ******** ** * ********** ****. This **** ******** ** **** ** the ******** ************* ** ******* *** until *** ******** *** *********** ** completed.

** ** ******** **, **** ******** facing ******** **** **** ******** **** some ***** ******** ******** *********. ** expect *** ***** ***** ** *** customer ****** ******** ** ** ********** available ****** * *** ****.

What **** ****** ***** *******?

**** *** ******* **** **** ******** and *** ************* *** *********, **** incident **** ** ******** *********** ** determine *********** **** *****. ** ***** like ** ****** *** **** **** incident **** ********** *** ******** ********** to *** ********** ** ************* *** to **** **********. ** **** ******* future ********** ** **** ******** ** heighten *** ********** ** ********, ******** and *********.

***** *** *** **** ******* *** cooperation. ** *** **** *** *********, please ** *** ******** ** ******* your ******** **** **************.

**** *******,

**** **************

Agree
Disagree
Informative: 1
Unhelpful
Funny

***. ** ***.

Agree
Disagree
Informative
Unhelpful
Funny

********** *** *** ********* ******** ******* are * *** ****.

*** ** **** *******. **'* **** so **********.........

*** *** ***** ****. ***'* ** the ****.

Agree: 2
Disagree
Informative
Unhelpful
Funny

**** *** ******* ***** * *** slower **** ****** ***. * *** taken **** *** * ****** **** someone ******** ** ***** ********* ***** working, *** * **** **** ** people ** ******** *** ******.****.*** ** well.

* ****** **** ***** ***** ***** services ** ** *****'* ********* ******* firewall ******* ** ******** *** ****** hosting ** **** **** ** ******** to ** ******** ***********.

Agree
Disagree
Informative
Unhelpful
Funny

**** ****** *** **** ******* **** the ********* ******* ***** ** *** forensic ******** **** **** ******:

UPDATE: ******** ********

**** *** ******** * *********** ******** ******, ******* ****(****-**-** **:**). **** **** **** **** staff ******* *********** *** *******. **** report **** "*** ******** ************* ***** no *********** **** *** ********-, *******-, supplier-, ******* **** ** ****** **** was ********." **** ******** *** ******** in ********** **** ****.

**** ****** **** ******** ******** *** forensic ******* ** ******** *** ****** before *** *** **** *** ********. Therefore, ********-******* ******** **** ****. ***** services ******** **** *** **** ** that ******** ******** ***** ** **** for ******* ***** **** ****** ********* analysis.

**** *** *** ******** *** ******* of *** ******, ** **** **** down ******* ****** ** ***** ** determined. **** ****** "*** ************* ******** no ********** ******** ***** *** ****** to ***** ******** ************ ***** ** efficiently **** ******* *** ********* ****** completion, ***-******."

**** *** **** ** ****** *** threat ***** ******** ****: "******** *******, providing ********* **** ****** ******* ************, has **** ******* **********, ******** *** eradicated. ** ****** ** ********** ** other ******* ******* ******* *** **** found."

** *** *********** ******* ********* **** will **** *******.

IPVM Image

Agree
Disagree
Informative: 2
Unhelpful
Funny

* ******** **** *** ******* ** double ***** *** *** ********* ** some ***** ****** ** *** ****** manager *** **** ******** ******** ****** the ******* ****** ******** ** *********** Axis's ********* ******* *** ***********. * only *** * *** ** **** checking, *** **** *** *******.

* **** ********* **** ** ******* they ***** ***** *** ********** ** their ********, *** **** ****** ** least ********* ** *** ****.

** ***** ******** ** *****, ***** response ***** ********** ** **.

Agree
Disagree
Informative: 2
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports