Garmin Reportedly Victim Of Ransomware Attack

Ransomware attack has reportedly crippled internal systems at Garmin, although company only confirms ‘outage’ of services

Fitness and navigation specialist Garmin is reportedly at the centre of a devastating cyber attack, although the company has not issued any direct confirmation of being hacked.

That said, Garmin has admitted an ‘outage’ in an update for customers, which did not address media reports that it has suffered a ransomware attack.

“We are currently experiencing an outage that affects and Garmin Connect,” said the firm. “This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”


Ransomware attack

ZDNet cited Garmin staff who have claimed on social media that the firm is the victim of a ransomware attack.

Besides and Garmin Connect being unavailable, it is also reported that the Garmin Aviation flyGarmin website and mobile app, which are used by pilots, are unavailable.

The company’s production line in Taiwan is also reported to have been impacted by the ‘outage’.

And of course Garmin’s wearable customers are not currently able to log into Garmin Connect to record and analyse their health and fitness data.

Mindset shift

Although there has been no official confirmation of a ransomware attack, this seems to be the most likely explanation according to security experts.

“Ransomware campaigns continue to pose a significant threat to organisations,” said Matt Lawrence, director of Detection & Response at F-Secure. “Hands-on-keyboard attacks, where attackers conduct credential theft and lateral movement before deploying their ransomware to cause maximum disruption, continue to be one of the most impactful trends that businesses face today.”

“Although every incident is unique, based upon our research and investigations, human-operated ransomware campaigns often use unsophisticated attack vectors that typically trigger multiple avenues for detection,” said Lawrence. “Combating attacks like this requires a mindset shift to one that focuses on comprehensive defense and response measures that focus on slowing and stopping the attackers before they can succeed.”

Risk profile

Another security expert warned that criminals are using increasingly sophisticated attacks to ensure ransomware hits home.

“The attack on Garmin is the latest in a series of cyber attacks where threat actors are embedding ever greater levels of sophistication into their ransomware,” noted Faiz Shuja, co-founder and CEO at SIRP Labs.

“Their aim is to exploit vulnerabilities left by organisations who had precious little time to complete security checks when they transitioned to remote working at the start of the pandemic,” said Shuja. “While they may trigger alerts, our latest research shows a quarter turn out to be false-positive and are easily missed.”

“Faced with this, security teams need the capacity to tell the organisation’s risk profile at a glance to place threat alerts into context,” said Shuja. “This involves proactive monitoring of global threat intelligence and correlating it with the organisation’s landscape. This puts them in the best possible position to make informed decisions about protection and incident response priorities.”

Ongoing problem

Another expert noted that Garmin is not alone, if it has been the victim of a ransomware attack.

“If Garmin have been the subject of a post-intrusion ransomware attack then they are not alone,” noted Don Smith, senior director of Secureworks Counter Threat Unit (CTU). “They will be one of many who have fallen prey to such cybercriminals.”

“What’s troubling is that attacks of this form are on the increase,” said Smith. “Over the last two years, our incident response teams have been engaged to help increasing numbers of victims. Indeed we have seen a 100 percent year-on-year increase in such engagements over the last two years.”

“The reason for this increase and the assessment that we are only going to see more of this criminality is plain,” said Smith. “Post intrusion ransomware is a highly profitable and effective way to extort money from large enterprises. Given a network intrusion the ‘return on investment’ of post-intrusion ransomware makes it a compelling route to monetisation for cyber criminals.”

“The good news is that you can prevent these attacks. It is not easy, but it is possible,” Smith concluded. “Criminals will leverage commodity malware to gain an initial foothold into a network but will then spend time assessing how best to attack the enterprise. If the initial foothold is missed then a well-instrumented enterprise should be able to detect the footfall of the criminals as they navigate around the victim enterprise prior to deploying ransomware.”
