Garmin Reportedly Victim Of Ransomware Attack

Fitness and navigation specialist Garmin is reportedly at the centre of a devastating cyber attack, although the company has not issued any direct confirmation of being hacked.

That said, Garmin has admitted an ‘outage’ in an update for customers, which did not address media reports that it has suffered a ransomware attack.

“We are currently experiencing an outage that affects Garmin.com and Garmin Connect,” said the firm. “This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”

Ransomware attack

ZDNet cited Garmin staff who have claimed on social media that the firm is the victim of a ransomware attack.

Besides Garmin.com and Garmin Connect being unavailable, it is also reported that the Garmin Aviation flyGarmin website and mobile app, which are used by pilots, are unavailable.

The company’s production line in Taiwan is also reported to have been impacted by the ‘outage’.

And of course Garmin’s wearable customers are not currently able to log into Garmin Connect to record and analyse their health and fitness data.

Mindset shift

Although there has been no official confirmation of a ransomware attack, this seems to be the most likely explanation according to security experts.

“Ransomware campaigns continue to pose a significant threat to organisations,” said Matt Lawrence, director of Detection & Response at F-Secure. “Hands-on-keyboard attacks, where attackers conduct credential theft and lateral movement before deploying their ransomware to cause maximum disruption, continue to be one of the most impactful trends that businesses face today.”

“Although every incident is unique, based upon our research and investigations, human-operated ransomware campaigns often use unsophisticated attack vectors that typically trigger multiple avenues for detection,” said Lawrence. “Combating attacks like this requires a mindset shift to one that focuses on comprehensive defense and response measures that focus on slowing and stopping the attackers before they can succeed.”

Risk profile

Another security expert warned that criminals are using increasingly sophisticated attacks to ensure ransomware hits home.

“The attack on Garmin is the latest in a series of cyber attacks where threat actors are embedding ever greater levels of sophistication into their ransomware,” noted Faiz Shuja, co-founder and CEO at SIRP Labs.

“Their aim is to exploit vulnerabilities left by organisations who had precious little time to complete security checks when they transitioned to remote working at the start of the pandemic,” said Shuja. “While they may trigger alerts, our latest research shows a quarter turn out to be false-positive and are easily missed.”

“Faced with this, security teams need the capacity to tell the organisation’s risk profile at a glance to place threat alerts into context,” said Shuja. “This involves proactive monitoring of global threat intelligence and correlating it with the organisation’s landscape. This puts them in the best possible position to make informed decisions about protection and incident response priorities.”

Ongoing problem

Another expert noted that Garmin is not alone, if it has been the victim of a ransomware attack.

“If Garmin have been the subject of a post-intrusion ransomware attack then they are not alone,” noted Don Smith, senior director of Secureworks Counter Threat Unit (CTU). “They will be one of many who have fallen prey to such cybercriminals.”

“What’s troubling is that attacks of this form are on the increase,” said Smith. “Over the last two years, our incident response teams have been engaged to help increasing numbers of victims. Indeed we have seen a 100 percent year-on-year increase in such engagements over the last two years.”

“The reason for this increase and the assessment that we are only going to see more of this criminality is plain,” said Smith. “Post intrusion ransomware is a highly profitable and effective way to extort money from large enterprises. Given a network intrusion the ‘return on investment’ of post-intrusion ransomware makes it a compelling route to monetisation for cyber criminals.”

“The good news is that you can prevent these attacks; it is not easy, but it is possible,” Smith concluded. “Criminals will leverage commodity malware to gain an initial foothold into a network but will then spend time assessing how best to attack the enterprise. If the initial foothold is missed then a well-instrumented enterprise should be able to detect the footfall of the criminals as they navigate around the victim enterprise prior to deploying ransomware.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
