
Smartwatch Maker Garmin Shuts Down Services After Ransomware Attack

Garmin, the maker of fitness trackers, smartwatches and GPS-based wearable devices, is currently dealing with a massive worldwide service interruption after getting hit by a targeted ransomware attack, an employee of the company told The News on condition of anonymity.

The company's website and Twitter account say, "We are currently experiencing an outage that affects Garmin.com and Garmin Connect."

"This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience."

As a result, the company was forced yesterday to temporarily shut down some of its connected services, including Garmin Express, Garmin Connect mobile, and the website, restricting millions of its users from accessing the cloud services or even syncing their watches locally to the app.

Though not much information is available on the technical details of the cyberattack, some local media reports claim hackers have managed to compromise the company's application and database servers with ransomware.

The reports also say Garmin has sent announcements to its IT staff in Taiwan-based factories announcing the next two days of planned maintenance, i.e., July 24 and 25.

Multiple sources in the cybersecurity community suggest that the cyberattack may have involved WastedLocker, a targeted ransomware from the gang known as Evil Corp or Dridex.

The modus operandi of the attackers behind WastedLocker involves compromising corporate networks, performing privilege escalation, and then using lateral movement to install ransomware on valuable systems before demanding millions of dollars in ransom payment.

According to experts at SentinelOne, WastedLocker is a relatively new ransomware family that has been active for the last few months, attacking high-value targets across numerous industries.

WastedLocker uses the JavaScript-based SocGholish toolset to deliver its payload by masquerading as system or software updates, exploits UAC bypass techniques to elevate privileges, and leverages Cobalt Strike for lateral movement.
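The fake-update delivery stage described above can be hunted for in process-creation telemetry. The following is an added example, not code from the original article or from any vendor it cites: it assumes the JavaScript is run by a Windows script host launched from a browser, and the event field names, keyword list and sample events are constructed for illustration. It does not cover the UAC bypass or Cobalt Strike stages.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Assumed heuristic (not from the article): a browser spawns a Windows
# script host to run a .js file whose name looks like an update.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
JS_FILE = re.compile(r'([^"\\/]+\.js)\b', re.IGNORECASE)
UPDATE_NAME = re.compile(r"update|upgrade|install", re.IGNORECASE)


def fake_update_findings(events):
    """Return (host, script_name) for each event matching the heuristic."""
    findings = []
    for ev in events:
        if basename(ev["image"]).lower() not in SCRIPT_HOSTS:
            continue  # not a script host
        if basename(ev["parent_image"]).lower() not in BROWSERS:
            continue  # script host was not launched from a browser
        match = JS_FILE.search(ev["command_line"])
        if match and UPDATE_NAME.search(match.group(1)):
            findings.append((ev["host"], match.group(1)))
    return findings


# Constructed sample events; field names are hypothetical, not a real schema.
SAMPLE_EVENTS = [
    {"host": "WS-01",
     "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'"C:\Windows\System32\wscript.exe" '
                     r'"C:\Users\a\AppData\Local\Temp\Temp1_Chrome.Update.zip\Chrome.Update.js"'},
    {"host": "WS-02",  # admin script started from Explorer: parent is not a browser
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'wscript.exe "C:\Scripts\Update-Inventory.js"'},
    {"host": "WS-03",  # browser-launched script without an update-like name
     "parent_image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'wscript.exe "C:\Users\b\Downloads\notes.js"'},
    {"host": "WS-04",  # ordinary browser child process
     "parent_image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "command_line": "msedge.exe --type=renderer"},
]

if __name__ == "__main__":
    for host, script in fake_update_findings(SAMPLE_EVENTS):
        print(f"{host}: browser-launched script host ran {script}")
```
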

"All the security technology in the world is not going to protect against determined attackers. 97% of losses stem from socially-engineered attacks and over 90% are initiated by email," Lucy Security CEO Colin Bastable said in a comment shared with The Hacker News.

"There are no front lines in cyberwarfare – we are all fair game for bad actors, and no entity or person is safe from cyber-attack. Train your people to detect and resist ransomware attacks – just as you patch systems, patch your people with regular, varied, continuous and well-planned security awareness training to make them part of your defenses," Bastable added.

Gurucul CEO Saryu Nayyar also suggested the same:

"You just don't know when the bad guys are going to attack and who will be their next victim. However, what we do know is every organization is susceptible to ransomware attacks."

"So, do what you can to prepare and respond. Hopefully, Garmin has a daily backup regimen for the company's systems and data. That's table stakes. If you get hit, at least you can recover your data."

Garmin has not yet officially confirmed whether the incident is a ransomware attack or not, but we have contacted the company and will update the story as soon as we receive more information on this incident.
