Garmin Halts Services Following Ransomware Attack

Garmin Faces Major Service Disruption Following Ransomware Attack

Garmin, the renowned manufacturer of fitness trackers, smartwatches, and GPS devices, is currently grappling with a significant global outage due to a targeted ransomware attack. This incident was confirmed by an anonymous employee speaking to The Hacker News. The company’s official communications, including statements on its website and Twitter account, acknowledge the extensive service disruption affecting Garmin.com and Garmin Connect.

The outage has not only impacted the company’s website but has also paralyzed its call centers, leaving it unable to handle any incoming calls, emails, or online chats. Garmin has issued a formal apology for the service interruption and is actively working to resolve the issue as quickly as possible. As a consequence of the attack, several key connected services, such as Garmin Express and Garmin Connect mobile, have been temporarily suspended, preventing millions of users from accessing cloud-based functionalities or syncing their devices.

Details regarding the technical aspects of the attack remain sparse; however, several local media outlets suggest that hackers successfully infiltrated Garmin’s application and database servers with ransomware. Additionally, reports indicate that Garmin has informed its IT personnel in facilities based in Taiwan about impending maintenance planned for July 24 and 25, presumably as a response to the cyber crisis.

Cybersecurity analysts suspect that the attack could be linked to WastedLocker, a ransomware variant associated with the cybercriminal group known as Evil Corp. This group is notorious for its sophisticated tactics, which include compromising corporate networks, escalating privileges, and moving laterally through the network to install ransomware on critical systems before demanding substantial ransoms.

The WastedLocker malware is characterized by its innovative delivery methods, often using JavaScript-based tools to disguise malicious payloads as legitimate software updates. It uses User Account Control (UAC) bypass techniques to gain elevated privileges and relies on Cobalt Strike for lateral movement within compromised networks.

Experts emphasize that traditional security measures may fall short when faced with determined cyber adversaries. According to Colin Bastable, CEO of Lucy Security, the majority of financial losses in cybersecurity stem from socially engineered attacks, with emails frequently serving as the initial vector. He advises organizations to fortify their defenses by implementing rigorous security awareness training alongside regular system updates.

Saryu Nayyar, CEO of Gurucul, echoes this sentiment, urging businesses to be prepared for potential attacks as the landscape of cybersecurity continues to evolve. Nayyar highlights the importance of maintaining daily backup practices for data and systems, which can be invaluable if an organization is compromised.

As of now, Garmin has not officially classified this incident as a ransomware attack, but inquiries have been made to clarify the situation. This ongoing uncertainty reinforces the need for businesses to remain vigilant and proactive in their cybersecurity strategies.

Viewed through the MITRE ATT&CK framework, the attack could have involved tactics such as initial access via email phishing, persistence through backdoors, privilege escalation through exploitation of software vulnerabilities, and lateral movement within the internal network. This incident serves as a crucial reminder of the vulnerabilities that organizations face and the continuous need for robust cybersecurity measures.

As the story develops, updates will be provided to shed further light on this significant cybersecurity event and its implications for businesses and their operational integrity.
