ISA is committed to keeping the security community up to date with the latest cybersecurity news. 

Garmin hit by suspected ransomware attack

Garmin, a global leader in the production of fitness trackers, smartwatches and other GPS-enabled wearable devices, was hit with a suspected ransomware attack on July 23 that shut down many of its global operations and websites.

Garmin has wide interests, touching fitness, recreation, automotive, marine, and aviation – all of which appeared to be affected by the attack. For example, the FlyGarmin app used by pilots using Garmin GPS-based instruments and navigation equipment was affected by the outage. While smartwatches continue to work properly in isolation, access to online services, updates, and synchronization were all taken down by the attack. Pilots using Garmin equipment need to run an up-to-date version of Garmin’s aviation database on their navigational systems as an FAA requirement. The FlyGarmin app and its supporting website were both still down as of July 26; meanwhile, the Garmin Pilot app, which pilots use to schedule and plan flights, was down on July 23 and July 24, but services were largely restored by July 26.

The outage also affected Garmin’s annual Airventure Oshkosh Experience held last week, which had already been converted into a virtual event due to the COVID-19 epidemic.

Garmin is gradually coming under fire on social media for the lack of communication during the incident. While their main site advises customers that “Garmin has no indication that this outage has affected your data, including activity, payment or other personal information,” little news has been provided other than reporting that many of their systems were down over the weekend for two days of “maintenance”.

Unconfirmed reports suggest that the ransomware involved was called “WastedLocker”, which encrypted and locked server files, but is not believed to have exfiltrated any data. The reports indicate that a ransom of up to $10 million (US) is involved.

As of July 26, Garmin still had no access to email or chat communications, and only limited availability for customer service voice calls. The flagship Garmin website was affected early in the attack, but most of its functionality and e-commerce services appeared to have been restored by July 26. However, many services (including all Garmin Connect functions) remain affected by the outage: key Garmin service status portals are listed below for the latest news:

Garmin inReach and Explore status: https://status.inreach.garmin.com/
Main Garmin website status: https://www.garmin.com/en-CA/outage/
FlyGarmin website status: https://status.flygarmin.com/
Garmin Connect status: https://connect.garmin.com/status/

Garmin has a scheduled earnings call with investors on July 29, creating additional pressure for a comprehensive resolution and explanation of the incident.

Canada Centre for Cyber Security advisory service

As the number of COVID-19 cases gradually subsides in Canada, this may provide organizations an opportunity to regroup after the extremely busy last few months. IT teams can take this time to review outstanding patches and ensure that security hardening – which may have been temporarily de-emphasized during the pandemic rush – is brought up to date. The Canada Centre for Cyber Security advisory service can help provide quick insights into recent vulnerabilities reported in hardware and software platforms. Launched in 2018, the site is updated daily with new vulnerability and patch announcements as they are reported and documented. Each entry provides a plain language summary as well as links to more detailed technical information from each vendor. The site also provides an RSS feed feature to simplify monitoring.

Recognizing the heightened risk to health organizations, the Alerts & Advisories page has a special notice for IT managers and professionals supporting the medical community. The resources on ransomware awareness and telework vulnerabilities are excellent resources for any organization.

U.K.’s National Cyber Security Centre expands online testing toolkit

The National Cyber Security Centre (NCSC) has added a tenth module to their popular “Exercise in a Box” cybersecurity self-testing suite. A new “Home and Remote Working” exercise has been added to the toolkit to help organizations self-assess their readiness for cyber attacks against distributed workforces.

The new module focuses on three key areas: safely accessing remote networks and corporate resources, tips on managing secure remote collaboration for staff, and tests to evaluate the processes in place to manage a cyber incident remotely.

Launched in 2019, the Exercise in a Box suite guides the user through a set of realistic scenarios that a business could face, forcing the participants to reflect, practice, and refine their responses to cyber threats. According to the NCSC, “some of the most popular exercises include scenarios based around ransomware attacks, losing devices and a cyber attack simulator [that] safely imitates a threat actor targeting operations to test an organization’s cyber resilience.”

The service is completely free – registration takes only a few minutes, requiring some profile information and the size and industry of your business, so the exercises can be tailored to your areas of interest. The site includes all the information you need for setting up, planning, and delivering an exercise – along with the resources for conducting a post-exercise retrospective.

The NCSC was formed in October 2016, and is the UK’s independent authority on cyber security.