Cyber attack on Garmin: Lessons to be learnt

On July 27, technology giant Garmin announced a cyber attack that occurred around 4 days earlier. The outward effects of the cyber attack primarily affected online services, which included the interruption of website functions, customer support services, customer-facing applications and internal company communications.

Garmin Cyber Attack
Garmin Cyber Attack

Fortunately for Garmin, there was no evidence that customers’ data or payment details had been compromised during the cyberattack. As the company sets their systems back to normal and sorts the backlog of user data caused by the incident, it’s a good time to reflect on the cyberattack to understand how it was able to happen, where the main weaknesses in Garmin’s cybersecurity were, and other key details that companies can learn from to prevent themselves falling prey to a similar incident in the future.

Who?

The cyber attack was delivered via ransomware software WastedLocker, a program that debilitates company systems by infecting computers and encrypting data. The cybercriminal then contacts the infected victim to demand a ransom in order to ensure safe return of the compromised data. In Garmin’s case, attackers demanded a $10 million fee for the data, which it was suspected that they paid in order to gain access to a key that would decrypt any compromised files.

Once they realised they were under attack, Garmin’s IT department attempted to remotely shut down all computers on the network and the devices were being encrypted, including the home computers of remote workers connected via VPN. This is what caused the effective ‘shutdown’ of Garmin’s online services.

How did it happen?

The initial cyber attack vector used to leverage entry to Garmin’s network was borne via an internal user browsing a compromised, but legitimate website: a news site that had been hacked. The unsecure website lured the users to download a fake software update to their Google Chrome browser.

Upon download of the “update,” to the browser, the weaponised file was able to gain entry to the user’s computer where it was then able to spread across the network. Upon gaining this entry, the cyber attackers were then able to identify weaknesses in the network, which allowed the deployment of the ransomware into as many unsecure locations as possible. 

What can be learnt from this?

Naturally there is an indication that Garmin had made an effort to secure their remote working employees, via the use of VPN, however it was employee personal laptops that then suffered due to that link.

More than anything, the key takeaway for businesses in light of this incident is that it is vital businesses ensure that all equipment used for work is appropriately updated with the organisation’s security tools. It is key for businesses to separate work and personal devices as much as possible in order to mitigate risk in the event of an incident like this.

Employee awareness and training, alongside a secure MDM solution with threat detection that can be controlled centrally by the organisation’s IT teams, will benefit against potential breach by ensuring that any updates to software are controlled solely by the company, in turn mitigating the liability of human error and unwitting download of malware or ransomware.

At Serbus, we are a leader in providing secure remote working solutions to the Government, MoD and world class brands alike. Our aim is to provide organisations with the tools they need to protect their company’s IP, data and essential communications from external threat risk.

To talk to us about your requirements and see how we can help secure your remote workforce, get in touch today on [email protected], or call us on +44 (0)1432870879.