#31
Quote:
Maybe if you work in small businesses outside of tech or something it is conceivable that you can see your whole office running on Windows, with backups on Windows, your website is hosted on some Windows server in the corner, etc... the phones are some Windows solution that plugs into a USB port on a Windows machine, etc... It's almost inconceivable a place like Garmin could be like that... they are a large hardware + software OEM. You literally cannot do what they do with a setup that basic and homogenous. Windows malware just doesn't do anything to non-Windows stuff. The problems that you have to solve to design & build GPS units & all the software that runs on them and a giant cloud platform that handles hundreds of thousands of users concurrently are just incredibly different than running a law firm or accounting firm or something like that... the variety and sophistication of computer systems you need is incredibly different. If they were that incompetent they would have failed at their business so long ago this wouldn't even be a story. The whole thing collapses because of your own internal incompetence.
Last edited by benb; 08-03-2020 at 10:45 AM.
#32
Any good kidnapper will hand back the kid if paid... It's a good business for these folks. Shame they couldn't find another way.
__________________
charles@pezcyclingnews.com
#33
Our IT department sends out sporadic phishing emails. If an employee responds to it they have to sit through more training.
#34
Spying on citizens?
#35
Quote:
This crew can't get a two cent spring right in their marquee power pedal, I can only imagine the kind of IT infrastructure they've got.
#36
Johnny Dangerously:
"Don't forget, crime doesn't pay... Well, it paid a little!"
__________________
This foot tastes terrible!
#37
The people with experience in this field that are saying Garmin couldn't have been 100% Windows have apparently never owned a Garmin product. Because I find it believable.
#38
Quote:
#39
Quite a lot, actually. Just because they alert corporations and other government agencies of vulnerabilities doesn't mean that those corporations or agencies patch the holes. As noted elsewhere in this thread, it costs time and money. Management makes decisions regarding priorities and spending. Sometimes those decisions backfire.
The President is well known to use an unsecured (not hardened) iPhone, but who can make him change?
Quote:
__________________
It's not an adventure until something goes wrong. - Yvon C.
#40
Quote:
Garmin ships iOS software and Mac Software, therefore it is incredibly unlikely they're 100% Windows as there's nothing but extreme fringe options for developing software for Apple platforms without developing on Macs. Also it's completely obvious from job postings that they run Connect in Microsoft's Azure cloud platform, most likely in containers... that is Windows but it's not going to be affected by this kind of ransomware stuff or it would be all over the news in a way bigger way as massive swaths of companies would be down. On top of that if Connect is in Azure in a containerized setup it would take minutes, not even hours to restart the whole thing and erase everything hackers did. That's just the way cloud deployments work. You typically would have to go out of your way as an IT shop to defeat the multiple layers of security those platforms start with. You start out opening an account and Amazon/Google/Microsoft has already applied rings of security to your setup before you even start.
Most of Garmin's quality issues have to do with them having WAY too many models IMO. The number of different models they have to keep working is totally insane. After all these years they are still in the same situation as say Samsung and still can't grasp that Apple's model is the one that works. A very small # of devices that you concentrate on and polish till they work exceptionally well has completely defeated the model of vomiting an ever increasing # of models out on the market that you never get working right and abandon and hope the users just shovel out for the next one.
Ransomware could be part of what happened but it just has to be a very small part of a larger attack to have accomplished what happened. I'd believe there were inside IT employees paid by the Russian hacking group or a sophisticated social engineering attack to help sabotage the company from within before I'd believe the news stories here that try to pin the whole thing on a single malware attack.
The recent Twitter hack that was so spectacular was social engineering... literally the hacker calling into the company impersonating an employee to get the ball rolling. Those are far more deadly than ransomware when it comes to these big corporate hacks.
Last edited by benb; 08-03-2020 at 12:27 PM.
#41
Quote:
- Anything you are currently reading is probably pure speculation
- You will not ever know the full story unless Garmin decides to have a 3rd party investigation and they release the full results
- It is unlikely 1 piece of ransomware/malware/etc. took down an entire company
- Backups/Disaster Recovery Plans/Hot Sites/Redundancy all depend on how they are set up and are not a panacea for all attacks
- Training end users is helpful but only part of a larger defensive plan
So, if you like Garmin products then continue to use them but continuing a conversation about what might have happened when nobody on this forum, or in the media, appears to have real information about the attack seems pointless IMHO.
Last edited by NYCfixie; 08-03-2020 at 12:38 PM.
#42
I'm the IT Manager for the Company I work for. I work closely with our Head of Security and all hires have to watch the mandatory Security Awareness training. I verify all of them have multi-factor authentication enabled for their accounts. It's a work in progress to get everything locked behind 2FA but the more the better. I also don't want users going with Approve/Deny versus having to manually enter in the 6 digit code. Yes it's slower but it's more secure and you would be surprised at the number of users that will just click Approve on their mobile phone even though they were not the one who initiated the request.
We will never know the extent of how bad it was with Garmin. From various sysadmin forums I frequent, the backups were encrypted as well. So unless you have cold backups that are written to then taken offline you are out of luck. Even then, the amount of time to restore is nothing trivial.
In my previous company there was so much bureaucracy, siloing between teams and levels of Management that everything fell upon deaf ears or was simply flat out ignored. "We don't have time for this or it's not in the budget or it can't possibly happen to us." This company also forced a 1.5 hour video with only 3 questions at the very end with passing being 80% so if you missed one you had to re-watch the entire thing all over again. No way to skip through or run at 2X speed. That was probably the most vocal I have ever had end-users storm over and vent. Hey, I had to watch the same thing, part of being the small company gobbled up in an acquisition.
#43
Quote:
Greg
#44
Quote:
#45
This is why tape-based offsite backups are not going away. Air gap. Disk-based systems with replication offsite can still be at risk as you stated.