[Security Weekly] Garmin Suffers Massive Service Meltdown After Ransomware Attack

5th Week of July 2020


1. Garmin hit by WastedLocker ransomware causing massive global shutdown

Garmin, a multinational firm that specializes in GPS navigation and wearable technologies, suffered a cyberattack on July 23 which forced it to shut down all services worldwide and significant parts of production activities in Asia.

Based on the information given by the company’s employees, Garmin was hit by the WastedLocker ransomware developed by Evil Corp, a Russian-based threat actor. The attackers appeared to have encrypted Garmin’s corporate network and parts of its production systems. The company later confirmed this information on July 27.

Garmin immediately shut down all systems as well as a few separated data centers to prevent the ransomware from spreading further. This has led to a massive disruption of services and production.

Garmin’s official domain was closed. It was unable to receive calls, emails, and online chats. Garmin Connect was down so that users of its smartwatches and wearables could no longer sync data with the servers. FlyGarmin was also disabled, meaning that pilots could not download the latest updates for their airplane navigation systems and receive weather information and position reports as required by the FAA. Lastly, the Garmin Pilot app, used by pilots to schedule and plan flights were shut down as well.

The company also closed its manufacturing facilities in Taiwan on July 24 and 25. After days of chaos, services began to resume slowly on July 28.

Among all types of cyberattacks, ransomware is the only kind with the destructive power to force a global shutdown. To protect sensitive information from potential ransomware attacks, use a reliable encryption solution like D’Amo to encrypt your databases. Click here to learn more.

Sources: ZDNet, Bleeping Computer


2. Digital banking app Dave suffers data breach affecting 7.5 million users

Dave, an LA-based digital banking startup that became a unicorn (a startup with a market value exceeding US$1 billion) since 2019, confirmed on July 26 a data breach that compromised the personal data of over 7.5 million users.

The data breach was initially discovered on July 24 when the records of 7,516,625 Dave users were posted on an open hacking forum for free download. The data included full names, dates of birth, home addresses, phone numbers, emails, and hashed passwords. Fortunately, social security numbers (SSN) were safely encrypted.

According to Dave, the attackers gained access into its corporate network by hacking into the network of a former third-party provider, Waydev, a Git analytics platform used by its developers.

The company has now secured the attackers’ point of entry and has begun notifying the impacted users, along with implementing forced password reset for their accounts.

Many threat actors aim at fast-growing startups for their lack of security measures, making it crucial to start investing in security at an early stage to prevent potentially huge losses and fines due to data breaches. To learn more about Penta Security’s enterprise security solutions, click here.

Sources: Infosecurity, Security Boulevard


3. Cosmetics MLM firm Avon exposes over 19 million confidential records

Avon Products, the world’s second-largest multi-level marketing (MLM) firm, reportedly exposed over 19 million confidential records that contained personal data and technical information.

According to cybersecurity researchers at Safety Detectives, who discovered the incident on June 12, the leak was due to Avon’s misconfiguration of a Microsoft Azure cloud server, where no password was set in place, making it openly accessible by the public.

The exposed database contained 19 million records at a size of 7GB, of which none is encrypted. Among them, personally identifiable information such as full names, dates of birth, home addresses, phone numbers, email addresses, and other location information of customers and some direct sellers were included. Technical server information, account settings, and internal logs were also exposed.

Personal data could be used for phishing attacks and identity theft. What’s worse is that the technical information of Avon’s systems could be utilized by sophisticated hackers to gain access to the internal network, leading to significant damage to the firm.

Just a few days before the discovery, on June 9, Avon filed a cyberattack incident to the UK’s authorities which had led to system issues and interruptions of its operations. It is not clear yet whether the cyberattack was related to this data leak.

Source: Infosecurity


4. US State of Vermont warns taxpayers of 3-year long exposure of personal data

The Department of Taxes of the US state of Vermont issued a notification on its website warning all taxpayers that their personal information might have been exposed.

According to the notification, on July 2, the Department discovered a flaw in the user account verification process of its online tax filing system for the property transfer tax. The flaw was left undiscovered for three years, affecting all those who filed property transfer tax online between February 1, 2017, and July 2, 2020.

This flaw has exposed these users’ account verification credentials to anyone in public. The verification details could be used to access all previously filed property transfer tax documents, which include the social security numbers of the property buyers and the last four digits of the SSN of the property sellers.

The Department said that it has immediately fixed the vulnerability and the credentials could no longer be used to access previous returns.

Social Security Numbers and tax payment details are highly sensitive information that can be used for identity theft and can lead to severe financial losses and legal consequences. Tax departments and tax filing agencies should all treat these data carefully by protecting their databases with an encryption solution like D’Amo.

The US Internal Revenue Service also recommended last week that all tax filing agencies use multi-factor authentication for user login. For those looking for a convenient single sign-on multi-factor authentication product, check out ISign+.

Sources: Threatpost, Bleeping Computer


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: ISign+ 

Automotive and Mobility Security: AutoCrypt