Garmin on their knees

At the end of July 2020, the navigation device manufacturer Garmin was hit by a cyber attack that virtually shut down the company’s services and manufacturing for a few days.

Photo: Gerardo Ramirez, Unsplash

The attack resulted in the closure of the Garmin.com website. The Garmin Connect service where you can save training data from activity devices also closed. This means that users of Garmin’s exercise deviuces could not analyse their health data. Garmin Aviation’s website flyGarmin, Garmin Pilot and the mobile app used by pilots and seafarers could no longer be used. It was no longer possible to submit weather reports and create flight plans for flights. Submitting a flight plan is a requirement to be allowed to fly anywhere in an aircraft. So, many private planes remained on the ground for a few days.

Garmin’s customer service centres could no longer be reached by phone, emailed or chat. Factories in Taiwan were affected, servers and databases were attacked and production lines had to be closed “for maintenance” for two days.

Garmin began by trying to get around things by suggesting the downtime was all about regular maintenance, but later admitted that it was a cyber attack that encrypted data on some systems, but will not admit more than that. As is customary with such shameful events, the company does not want to tell how the attack ended, why it has such poor protection against cyber crime and what resources have been destroyed or rendered unusable. It’s not good for business.

According to information to the Techcrunch website, it was a ransomware attack, perhaps caused by the WastedLocker malware that was discovered in May and has been traced to a hacker group called Evil Corp, located in Russia. But one cannot know for sure.

We might take a closer look at some ransomware attacks during the year 2020 and what they cost companies.

ISS. The Danish cleaning company ISS was hit by a hostage-taking attack and had to close its networks. This caused all employees to lose contact with computer systems and email. Cost of restoration: $75-112 million.

Cognizant. The IT service company Cognizant was infected by the Maze hostage program and its influence spread to the customers. Cognizant is a huge outsourcing company with about 300,000 employees, who all lost contact with the company’s servers, etc. Cost of restoration: $50-70 million.

Redcar And Cleveland Municipality. The English municipality of Redcar and Cleveland was cyber-attacked in February and the employees lost contact with the municipality’s systems for three weeks. The citizens had a hard time getting in touch with the municipality. Cost of restoration: $13-22 million.

Travelex. The currency exchange company Travelex was attacked during the New Year, which resulted in it having to close its internal network, website and mobile app for several weeks. Ransom money paid to restart the business: $2.3 million.

And the road goes ever on and on.

Accept the truth: very few in a responsible position in a company think that IT security is particularly important. Training employees to resist phishing and similar attacks is not considered cost-effective. Authorities, utility companies, healthcare and infrastructure are constantly being attacked and the number of attacks is increasing every year. Backup copies are absent and the ransom money demanded by the criminals increase year by year.

WastedLocker attacks can be customised to target specific organisations and the ransoms demanded are high, from $50,000 to over $10 million in Bitcoin. If it works well for the cyber criminals, why hold the fire?

By Jörgen Städje, Hidden24