Separate names with a comma.
Discussion in 'General Bike Discussion' started by StormStrikes, Jul 23, 2020.
I’m sure it’s just the tip of the iceberg
The Russian company that deployed their version of Wasted Locker on Garmin attacked a whole lot of major US corps last month, and earlier this month, including some of the Big Names, but had their IP and intrusion methods blocked on many though they hacked used accounts from a newspaper company's and infected a ton of others, maybe dozens.
I guess Garmin didn't get the memo.
Probably shameful on their account. But, well.
The thing about hacks - of any kind against companies or individuals - you can think that you're better than anyone else and have the best security possible and best monitoring, keep up to date on everything, plug all your holes, etc but if someone were properly motivated enough - by money, resources, or being pissed off - then there is someone somewhere who can eventually figure out a way to hack you if given the chance, whether directly or indirectly. And I think you'll find those in non-computer-related security will tell you the same thing.
Without a doubt.
I don't know how fast this thing would/does spread across a network, but I would think a corporation the size of Garmin would have their network segmented in such a way that they would be able to get somewhere ahead of it and isolate it. Then, if they had sufficient and timely backups, just restore the systems. Surely they are using VM's/VDI's that have regular snapshots they could restore from?
I dunno, it just strikes me as odd. I sure would like to see the internal postmortem report on this. I bet it's a good read.
You would think, but I am guessing since they are a fairly 'mature' company when it comes to tech I am betting they have got some pretty old architecture and programming, and who knows - maybe some slapdash interfaces between systems, older stuff (hardware and software) that no one knows how to fix, and backup systems and images that don't cover everything.
I've felt that they've had some problems in the past that likely were the result of bad practices - reading between the lines, of course.
Ahhh, yeah, that's a good point too. Good ole legacy stuff.
The good news is that it appears they are back up and running now. Well, I can get to Garmin Connect, that is.
Just saw this. Only Garmin products I still have are my boat gps and a watch I use for workouts or runs. Haven’t needed either since this happened. Who knows could’ve been one employee making a bad decision in responding to a phishing request. We are a publicly traded company and spend a lot on data protection. It’s always hammered home that the weakest link in the system is one employee falling for a phishing scam. Wonder if that’s how they got in. Glad I went to wahoo for cycling I guess.
Just today finally got mine back up and running with the mobile app correctly.
Strava has been verrrrrrrrrry quiet.