Skip to main content

Smartwatch Maker Garmin Shuts Down Services After Ransomware Attack

 

Garmin Ransomware Attack
Garmin, the maker of fitness trackers, smartwatches and GPS-based wearable devices, is currently dealing with a massive worldwide service interruption after getting hit by a targeted ransomware attack, an employee of the company told The News on condition of anonymity.

The company's website and the Twitter account say, "We are currently experiencing an outage that affects Garmin.com and Garmin Connect."

"This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience."

As a result, the company yesterday was forced to temporarily shut down some of its connected services, including Garmin Express, Garmin Connect mobile, and the website—restricting millions of its users from accessing the cloud services or even syncing their watches locally to the app.
Though not much information is available on technicalities of the cyber attack, some local media reports claim hackers have managed to compromise the company's application and database servers with ransomware.

It also says Garmin has sent announcements to its IT staff in Taiwan-based factories announcing the next two days of planned maintenance, i.e., July 24 and 25.

Multiple sources in the cybersecurity community suggest that the cyberattack may have involved WastedLocker, one of the targeted ransomware gang, known as the Evil Corp or Dridex.

Garmin ransomware attack

The modus operandi of the attackers behind WastedLocker involves compromising corporate networks, performing privilege escalation, and then using lateral movement to install ransomware on valuable systems before demanding millions of dollars in ransom payment.

According to experts at SentinelOne, WastedLocker is a relatively new ransomware family active for the last few months and has since been attacking high-value targets across numerous industries.

WastedLocker uses JavaScript-based SocGholish toolset to deliver payload by masquerading as system or software updates, exploits UAC bypass techniques to elevate privileges, and leverages Cobalt Strike for lateral movements.

"All the security technology in the world is not going to protect against determined attackers. 97% of losses stem from socially-engineered attacks and over 90% are initiated by email," Lucy Security CEO Colin Bastable shared a comment with The Hacker News.

"There are no front lines in cyberwarfare – we are all fair game for bad actors, and no entity or person is safe from cyber-attack. Train your people to detect and resist ransomware attacks – just as you patch systems, patch your people with regular, varied, continuous and well-planned security awareness training to make them part of your defenses," Bastable added.

Gurucul CEO Saryu Nayyar also suggested the same:

"You just don't know when the bad guys are going to attack and who will be their next victim. However, what we do know is every organization is susceptible to ransomware attacks."

"So, do what you can to prepare and respond. Hopefully, Garmin has a daily backup regimen for the company's systems and data. That's table stakes. If you get hit, at least you can recover your data."

Garmin has not yet officially confirmed whether the incident is a ransomware attack or not, but we have contacted the company and will update the story as soon as we receive more information on this incident.

Comments

Popular posts from this blog

Applications and Threats Content Release Notes

  Threat Intelligence Report Top Attacks and Breaches The biochemical systems at an Oxford university research lab currently studying the Covid-19 pandemic has been  breached . Clinical research was not affected by the incident. Breached systems include machines used to prepare biochemical samples, and hackers are currently attempting to  sell  their access to those machines. Twitter has permanently  suspended  multiple accounts found to be part of four disinformation campaign networks, most likely operated by state-sponsored actors associated with Iran, Russia and Armenia. The Iranian infrastructure was previously used to disrupt the 2020 US presidential campaign discourse. Gmail accounts of global pro-Tibet organizations have been  targeted  by the Chinese APT TA413, an espionage group known for its operations against civil dissidents. The campaign leverages a customized malicious Mozilla Firefox browser extension to gain control over the victims’ Gmail accounts. Npower, a British ga

Cisco Releases Security Updates for Cisco ASA 5506-X, 5508-X, 5516-X and Firepower// Cisco Bug IDs: CSCvp36425

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header. An attacker could exploit this vulnerability by sending a crafted TLS/SSL packet to an interface on the targeted device. An exploit could allow the attacker to cause the device to reload, which will result in a denial of service (DoS) condition. Note:  Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is required to exploit this vulnerability. Cisco has rel

Site-to-site IPsec VPN with two FortiGates

In this example, you will allow transparent communication between two networks that are located behind different FortiGates at different offices using route-based IPsec VPN. The VPN will be created on both FortiGates by using the VPN Wizard's   Site to Site - FortiGate   template. In this example, one office will be referred to as HQ and the other will be referred to as Branch. 1. Configuring the HQ IPsec VPN On the HQ FortiGate, go to  VPN > IPsec Wizard . Select the  Site to Site  template, and select  FortiGate . In the  Authentication  step, set  IP Address  to the IP of the Branch FortiGate (in the example,  172.20.120.135 ). After you enter the gateway, an available interface will be assigned as the  Outgoing Interface . If you wish to use a different interface, select it from the drop-down menu. Set a secure  Pre-shared Key . In the  Policy & Routing  step, set the  Local Interface . The  Local Subnets  will be added automatically. Set  Remote