Date

Incident start date & time: Sunday, August 28, 2022, 01:09 (GMT+3)

Incident end date & time: Thursday, September 28, 2022, 22:40 (GMT+3)


Status

Complete, supplementary actions pending

Summary

A security incident occurred that resulted in a broad-scale loss of access to cloud services hosted on interworks.cloud infrastructure in the Thessaloniki data center region.

...

  • Extend enforced use of MFA to administrative accounts for remote/console access to all server systems (tick)

  • Further strengthen MFA resilience by use of hardware FIDO2 security keys (tick)

  • Enforce zero-trust policy on the endpoint detection and response (EDR) software running on all corporate server and workstation systems (tick)

  • Engage a 24x7 SOC to monitor and analyze traffic and activity patterns within the environment (tick)

  • Rebuild and isolate physical cloud infrastructure in Thessaloniki region (tick)

  • Decommission vulnerable Hosted Exchange services (tick)

  • Review of current access policies on physical infrastructure (tick)

  • Review existing vulnerability management process (tick)

  • Schedule review of risk management process (tick)

  • Export Hosted Exchange services mailbox data and make them available to the end-users (in progress) (tick)

  • Rebuild and redeploy Azure Pack tenant portal to manage and administer IaaS workloads (in progress) (tick)

Timeline

Sunday, August 28, 2022, 01:09 (GMT+3)

...

Wednesday, August 31, 2022 

Public DNS, Cloud Databases and Acronis Cloud Backup on interworks.cloud services were successfully restored and brought back to operational status.


Thursday, September 1, 2022 - Tuesday, September 27, 2022

All affected services have been gradually restored - either in their original location and configuration or their backups were made available to end-users for direct use in other environments.


Thursday, October 6, 2022

The forensic analysis report was completed, confirming our initial findings regarding the attacker's entry point. No evidence of data exfiltration was discovered by the two independent firms that conducted the forensic investigation and analysis. At the same time, no customer has reported unauthorized access to, or copying, transfer, alteration or deletion of, their data.