Could Garmin’s Cyber Attack Have Been Avoided?

Garmin users have been unable to access information from their devices for the past few days following a suspected ransomware incident on the GPS device maker. Garmin’s fitness service Garmin Connect and pilot navigation service FlyGarmin, which is popular among pilots, went offline.

According to BleepingComputer, the malware WastedLocker was responsible for the outage. WastedLocker is attributed to the Russian cybercriminal gang Evil Corp, which the US government is offering a US$5 million bounty on leader Maksim Viktorovich Yakubets.

In a statement released by Garmin, the company announced that it was the victim of a cyber attack that encrypted some of their systems on July 23, 2020. As a result, many of its online services were interrupted including website functions, customer support, customer-facing applications and company communications.

Interestingly, the statement also said, “We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services”.

Reports from sources close to the company said that the outage is due to the companies servers and databases being hit by WastedLocker ransomware. With systems expected to be restored in the next few days, the company also said that they did not expect any material impact to their operations or financial results from the outage.

Lessons From the Attack
As Garmin continues its recovery, Garmin will certainly be re-examining their entire cybersecurity framework to see what they could have done to avoid such an incident.

CSA reached out to Kevin Reed, CISO of cybersecurity company Acronis to get his views on the issue. According to Garmin, what happened to them is not an isolated incident. However, with Garmin reporting to earn an estimated US$4 billion annually, some would argue that they are definitely a high-value target.

“Ransomware is known for exploitation of well-known public vulnerabilities. Companies need to ensure they patch their systems consistently. Ransomware does not target victims but instead are optimistic in looking for vulnerabilities”.

In Garmin’s case, Kevin said that while there could be many reasons how the ransomware could have infiltrated them, he felt that it could have been caused by some outdated patches.

“Most organisations focus on compliance frameworks. They ensure they have the best systems to meet all governance and regulations. However, a ransomware attack demonstrates the real situation in an organisation by exposing the weak points in the security processes and protocols of the company. Ransomware demonstrates how organisations need to protect from real-life threats instead of just focusing on compliance”.

When asked what companies can do to better protect themselves from such incidences, Kevin said companies can consider advanced AI-based heuristics and behavioural detection to better protect their organisation. He added that Acronis Cyber Protect can also stop WastedLocker and other ransomware before they can spread and encrypt files.

Meanwhile, Chester Wisniewski, principal research scientist at Sophos, explained,  “If in fact, Garmin paid the astronomically high ransom to obtain the decryption key, the popular connected device maker could find itself in legal trouble for breaching a U.S. Treasury sanction that prohibits such transactions. In paying, the sanction’s intended purpose of eliminating cyber-criminal activity is wholly defeated. Victims crippled by ransomware often find themselves faced with the same prisoner’s dilemma of whether to pay or bite the bullet. It’s a no-win situation that usually boils down to the lesser of two costs. But as research shows, paying the ransom usually doubles the total cost of remediation.”

One thing is for certain, ransomware is a growing threat and Kevin believes it will only get worse if victims keep paying ransoms. While some companies can bounce back from such incidents with a renewed cybersecurity framework in place, many could end up facing huge losses or even bankruptcy if they are not well protected.

You might also like
Most comment
share us your thought

0 Comment Log in or register to post comments