Whoops... Ransomware at Garmin


Thanks for sharing this. I think their issues extend a bit further. I did some updates to my Garmin Pilot flight plans and I noticed they didn’t update on my other iOS version. Got an “unable to sync” message. Wonder how far the hack went.



Anyone in the security field will tell you this is a "when" and not an "if" scenario for most companies. The critical item, just like flying, is to have a plan of what to do when the emergency occurs. Spending all of your money on protection and none on recovery planning is common as many execs are told to "buy this" and "hire these consultants" to develop protection and then are stunned when a breach occurs. 

Seen this way too many times to be shocked.


These individuals need to be hunted down and punished to the fullest extent of the law.  This is shenanigans at a level that is no bueno.  I hope they string them up by their privates in the public square.  THIS shall not stand...

Chances are they are foreign.

The easiest way to stop this is to make Microsoft pay these ransoms.

18 hours ago, wishboneash said:

I am thinking penalties for such crimes should be "extremely" severe. This is modern day terrorism.

Actually, the one who should be penalized is Garmin, for skimping on security and not implementing sufficient safeguards and separation between the networks they should care about and the internet-connected cattle...


The last 3 ransomware attacks I have seen were caused by someone on the inside leaving the door open. Oftentimes they are part of the scam. In one case involving a local county, the guy who left the door open had just been hired as part of the cyber security team. A deeper investigation revealed he had a past. Cyber security is more than software, passwords and keys; the first point is to start with good old background checks on the humans at the consoles and to not put anyone in a position of trust until that has been cleared.

As to Garmin Pilot not syncing across iOS versions, this is not unusual. Most apps that involve "synchronization" in iOS will not go across versions, including apps within iOS itself.


15 hours ago, ArtVandelay said:

The easiest way to stop this is to make Microsoft pay these ransoms.

That's like making the construction company that built the road pay for it when people run red lights.


15 hours ago, ArtVandelay said:

Chances are they are foreign.

The easiest way to stop this is to make Microsoft pay these ransoms.

Most attacks involve significant levels of "social engineering" and phishing, and are less technical problems and more exploitation of human frailties.  It's simply not possible to have a technological solution to an attack that involves days or weeks or months of efforts at getting enough information from various insiders to gain access.  Cyber attacks these days largely aren't a lone wolf, or even a team of hackers, sitting in darkened rooms and coding exploits of vulnerabilities.  They get as much information as they can and over time get someone on the inside to unknowingly give them access.


Just now, 1001001 said:

Cyber attacks these days largely aren't a lone wolf, or even a team of hackers, sitting in darkened rooms and coding exploits of vulnerabilities. 

There are actually markets on the dark web where you can "rent" malware of your choice, have it customized for your specific target, and have an attack generated without you doing anything but spending some Bitcoin.

Besides nation-state players who are doing it for their country, organized crime in multiple countries is monetizing attacks such as these. Some groups play the long game and some go for quick wins. Recall the Anthem breach a few years ago. About 18 months later some of those who had their personal health information compromised (military officers above a certain rank and higher level government employees) started receiving emails from their physicians with their latest test results attached. Several of them opened them to find old results, but at the same time they loaded malware onto their systems. We have to learn that some of the actors have exceedingly long planning horizons compared to our standard American quarterly driven outlook.

Because of my job and company, I receive FBI alerts about various ongoing attacks and risks being seen in the wild. This week alone I have received 8 different notices. As we said years ago, you aren't paranoid if they really are coming after you.


45 minutes ago, EricJ said:

That's like making the construction company that built the road pay for it when people run red lights.

In this case, it's usually cheaper for them to just pay the ransoms. The amount of hours and work adds up pretty quickly, and in the end you paid way more and it took way longer. From a cost perspective, it makes sense.


4 hours ago, Oldguy said:

There are actually markets on the dark web where you can "rent" malware of your choice, have it customized for your specific target, and have an attack generated without you doing anything but spending some Bitcoin.

Besides nation-state players who are doing it for their country, organized crime in multiple countries is monetizing attacks such as these. Some groups play the long game and some go for quick wins. Recall the Anthem breach a few years ago. About 18 months later some of those who had their personal health information compromised (military officers above a certain rank and higher level government employees) started receiving emails from their physicians with their latest test results attached. Several of them opened them to find old results, but at the same time they loaded malware onto their systems. We have to learn that some of the actors have exceedingly long planning horizons compared to our standard American quarterly driven outlook.

Because of my job and company, I receive FBI alerts about various ongoing attacks and risks being seen in the wild. This week alone I have received 8 different notices. As we said years ago, you aren't paranoid if they really are coming after you.

I am aware of that, but it is the social engineering and phishing that get insiders to unknowingly install those bits of malware, or give up enough information for the bad actors to get in and install them. 

EDIT:  I guess we actually agree on this.  Sorry for the misunderstanding.


4 hours ago, tmo said:

Actually, the one who should be penalized is Garmin, for skimping on security and not implementing sufficient safeguards and separation between the networks they should care about and the internet-connected cattle...

You're right. Garmin is having problems not because the thieves are bad people, but because they didn't prepare enough to fend off the attack. It's always the victim's fault . . . .

Was your car broken into? You shouldn't have left it there (even if it was at your home); your alarm should have been armed; you should have installed a better alarm; why do you still have windows that can be broken out, and locks that can be forced open? Your car was just too tempting to those innocent people walking by . . . . Be more careful in the future, and maybe no one else will break into your car and steal your stuff!

Get outa here!!! I blame the thieves and crooks; they choose to break in and take things that aren't theirs. If only victims could send them bombs instead of cash, there'd be a lot less of this going on . . . .


44 minutes ago, Hank said:

You're right. Garmin is having problems not because the thieves are bad people, but because they didn't prepare enough to fend off the attack. It's always the victim's fault . . . .

Was your car broken into? You shouldn't have left it there (even if it was at your home); your alarm should have been armed; you should have installed a better alarm; why do you still have windows that can be broken out, and locks that can be forced open? Your car was just too tempting to those innocent people walking by . . . . Be more careful in the future, and maybe no one else will break into your car and steal your stuff!

Get outa here!!! I blame the thieves and crooks; they choose to break in and take things that aren't theirs. If only victims could send them bombs instead of cash, there'd be a lot less of this going on . . . .

The internet is a bit unique in this sense. Actually, anything with any kind of on-line connection is subject to various kinds of attacks, and if there are valuables behind the connection, then it is up to the proprietor to secure them from expected and inevitable attack. A typical residence has locks on the doors and windows, which can be bypassed by anyone determined enough to get in. A bank or jewelry store or any edifice with a significant quantity of valuables inside needs to take more measures than the typical residence, because the attacks would otherwise be expected and inevitable. A residence left with the doors open and unlocked that gets robbed has been neglected by the residents. A bank that leaves its deposits unguarded and unsecured and gets robbed is culpable in the theft, because it should have known better.

Likewise a company that leaves its digital assets insufficiently secured to expected and inevitable attack is culpable as well. If your data or wealth is ever compromised in such a situation, most definitely hold the entrusted agency accountable. If you make a deposit at the bank, you hold the bank accountable for the security of it. Likewise with data.

 


12 hours ago, EricJ said:

The internet is a bit unique in this sense. Actually, anything with any kind of on-line connection is subject to various kinds of attacks, and if there are valuables behind the connection, then it is up to the proprietor to secure them from expected and inevitable attack. A typical residence has locks on the doors and windows, which can be bypassed by anyone determined enough to get in. A bank or jewelry store or any edifice with a significant quantity of valuables inside needs to take more measures than the typical residence, because the attacks would otherwise be expected and inevitable. A residence left with the doors open and unlocked that gets robbed has been neglected by the residents. A bank that leaves its deposits unguarded and unsecured and gets robbed is culpable in the theft, because it should have known better.

Likewise a company that leaves its digital assets insufficiently secured to expected and inevitable attack is culpable as well. If your data or wealth is ever compromised in such a situation, most definitely hold the entrusted agency accountable. If you make a deposit at the bank, you hold the bank accountable for the security of it. Likewise with data.

The digital world seems to work like the physical world: in war, weapons eventually defeat targets. All of them. Impregnable fortresses fall, unsinkable ships sink, firewalls are cracked. It's not the fault of the defenses; it's due to the effort of the attackers.

With all ransomware, I blame the ransomer, not the victim. Sounds like you blame the dead person lying in the street and not the hoodlum who stuck a knife into his chest . . .

Off my soapbox and out of here. Hope Garmin is back up soon. Hope the ransomer gets what they deserve instead of money!


6 hours ago, Hank said:

With all ransomware, I blame the ransomer, not the victim. Sounds like you blame the dead person lying in the street and not the hoodlum who stuck a knife into his chest . . .

I know a guy who had his iPad stolen out of his car.  The thing is, he left his windows open and his car unlocked.

Do I blame the thief for stealing?  Yes.

Do I think the guy was a dumbass?  Also yes.


If I was in charge, I would have people out hunting down these people and have their network in a smoking hole. The response would be relentless and they would never want to log on to a computer again. Passive deterrence is stupid. I would direct the full computing power of AWS in their direction.


If I was in charge, I would have people out hunting down these people and have their network in a smoking hole. The response would be relentless and they would never want to log on to a computer again. Passive deterrence is stupid. I would direct the full computing power of AWS in their direction.

You'd have lots of backing, I am sure. But would you be willing to invade foreign countries to do so? Such is the reach of cyber crime.

Garmin was back up the same day this thread was started.



A lot of misplaced anger and frustration in this thread. I make my living building defenses against this stuff. It's a good living, and allows me to fly a nice airplane.

Many of these attacks are automated. The Internet is a toxic river of viruses, malware, and other dangerous code. It's not blaming the victim but rather wondering why they went swimming without the full hazmat suit on. None of us would want to live without the Internet and the interconnectedness that we all benefit from. But the very data processing power that provides the benefits also makes it a very dangerous place. So there are best practices that companies like Garmin have to follow or they leave themselves wide open to this type of attack. Maybe they'll take it seriously going forward.


3 hours ago, kortopates said:

You'd have lots of backing, I am sure. But would you be willing to invade foreign countries to do so? Such is the reach of cyber crime.

Garmin was back up the same day this thread was started.

Invade?  I would prefer a targeted attack.  Quid pro quo...Return the favor on their server...


The problem with attacking the infrastructure of the malware operators is twofold: 1) Most of it is operated by mafia or nation-states, and 2) A very large percentage of the infrastructure is itself hacked.  Choosing to do so anyway opens you up to physical and legal risk beyond what you would otherwise expect.  Tread carefully.

It is likely that Garmin (or someone employed there) missed a security protocol somewhere.  It's equally likely that the malware they were hit with uses an exploit not yet patched by the security or OS vendors (whichever is appropriate).  People are fallible, and so is software security.  Some non-technical roles are notorious for being the infection vectors...

There's also a decent possibility that Garmin was hit with a targeted attack.  In that case, while there probably would've been signs in their logs (good luck noticing that in the deluge of real-time data), a determined attacker will get in eventually.

All that said, there's also the chance Garmin didn't take security seriously enough.  I can't speak to that, as I don't know anyone there.  Given the above, I'm willing to give the benefit of the doubt here (as I am with all other companies going through similar problems).

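The remark above about signs being in the logs but lost in the deluge is the part a detection engineer can actually act on. As an added illustration, not part of this thread and not anything Garmin has published about its incident, here is a small Python detector run over a constructed file-audit log. The log format, host names, user names, paths, thresholds and every sample line are invented for the example; the two signals it looks for are generic ones seen across many ransomware families rather than anything specific to this case: a shadow-copy deletion command (`vssadmin delete shadows`), which removes easy local restore points before encryption, and a burst of renames that append one new extension to many files across several directories within a short window.

```python
# Added example, not code from the forum thread or from Garmin: a small detector
# that reads constructed file-audit log lines and flags hosts showing two generic
# ransomware signals. Log format, hosts, users, paths and thresholds are all
# invented for this example.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One event per line: "<ISO-timestamp> host=<h> user=<u> op=<OP> key="value" ..."
LINE_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) op=(?P<op>\S+) ?(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

WINDOW = timedelta(seconds=60)  # burst window for rename events
MIN_FILES = 20                  # distinct files renamed to one new extension in a window
MIN_DIRS = 3                    # ...spread over at least this many directories
# Shadow-copy deletion is a common precursor to encryption (it removes local restore points).
SHADOW_CMD = re.compile(r'vssadmin(\.exe)?\s+delete\s+shadows', re.IGNORECASE)


def parse(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev['ts'] = datetime.strptime(ev['ts'], '%Y-%m-%dT%H:%M:%SZ')
    ev.update(dict(KV_RE.findall(ev.pop('rest'))))
    return ev


def appended_extension(src, dst):
    """Return 'locked' for a rename like a.xlsx -> a.xlsx.locked, else None."""
    if dst.startswith(src + '.'):
        return dst[len(src) + 1:].lower()
    return None


def detect(lines):
    """Return {host: [finding, ...]} for hosts that trip either signal."""
    findings = defaultdict(list)
    renames = defaultdict(list)  # (host, ext) -> [(ts, src), ...]
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev['op'] == 'EXEC' and SHADOW_CMD.search(ev.get('cmd', '')):
            findings[ev['host']].append(f"shadow copy deletion by {ev['user']}: {ev['cmd']}")
        elif ev['op'] == 'RENAME':
            ext = appended_extension(ev.get('src', ''), ev.get('dst', ''))
            if ext:
                renames[(ev['host'], ext)].append((ev['ts'], ev['src']))
    # Sliding window per (host, extension): many files, many directories, little time.
    for (host, ext), events in renames.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            files = {src for ts, src in events[i:] if ts - t0 <= WINDOW}
            dirs = {src.rsplit('\\', 1)[0] for src in files}
            if len(files) >= MIN_FILES and len(dirs) >= MIN_DIRS:
                findings[host].append(
                    f"{len(files)} files in {len(dirs)} dirs renamed to .{ext} "
                    f"within {WINDOW.seconds}s starting {t0:%H:%M:%S}")
                break
    return dict(findings)


def constructed_log():
    """Synthetic log: ordinary document saves on ws-02, then a shadow-copy wipe and an
    encryption burst on ws-17. Every line here is made up for the example."""
    base = datetime(2020, 7, 23, 2, 14, 0)
    lines = []
    for i in range(5):  # normal activity: temp-file-to-document renames and reads
        t = base + timedelta(seconds=30 * i)
        lines.append(f'{t:%Y-%m-%dT%H:%M:%SZ} host=ws-02 user=asmith op=RENAME '
                     f'src="C:\\Users\\asmith\\Docs\\~$report{i}.docx" dst="C:\\Users\\asmith\\Docs\\report{i}.docx"')
        lines.append(f'{t:%Y-%m-%dT%H:%M:%SZ} host=ws-02 user=asmith op=READ src="C:\\Users\\asmith\\Docs\\report{i}.docx"')
    lines.append(f'{base:%Y-%m-%dT%H:%M:%SZ} host=ws-17 user=jdoe op=EXEC cmd="vssadmin.exe delete shadows /all /quiet"')
    dirs = ['C:\\Users\\jdoe\\Docs', 'C:\\Users\\jdoe\\Pictures', 'D:\\Shares\\Finance', 'D:\\Shares\\Eng']
    for i in range(40):  # 40 files across 4 directories renamed to .locked in 40 seconds
        t = base + timedelta(seconds=5 + i)
        src = f'{dirs[i % len(dirs)]}\\file{i:03d}.xlsx'
        lines.append(f'{t:%Y-%m-%dT%H:%M:%SZ} host=ws-17 user=jdoe op=RENAME src="{src}" dst="{src}.locked"')
    return lines


if __name__ == '__main__':
    for host, items in detect(constructed_log()).items():
        for item in items:
            print(f'{host}: {item}')
```

Run stand-alone it reports ws-17 twice (the shadow-copy deletion, then the rename burst) and says nothing about ws-02, whose temp-file renames never append a new extension. The thresholds are placeholders; in a real estate they would be tuned against a baseline of normal rename volume, and the file events would be joined with process and parent-process data so that a backup job or a bulk-rename utility does not page anyone at 2 a.m.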

On 7/23/2020 at 8:33 PM, Missile=Awesome said:

These individuals need to be hunted down and punished to the fullest extent of the law.  This is shenanigans at a level that is no bueno.  I hope they string them up by their privates in the public square.  THIS shall not stand...

Good luck finding them in Slovenia or Uzbekistan.

