No real new info there, but they do say that “Garmin Pay” data was not compromised, suggesting that they do store payment details.
They may still store payment card details tokenized.
I just learnt that actually Garmin did pay to recover data using the hackers’ encryption key:
https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware/
Amazing! Isn’t that a breach of US Govt policy, based on where Wastedlocker are based?
It really looks like the report is true, but I don’t think this is necessarily correct
Just because there is no publicly known attack on the crypto used doesn’t mean there isn’t one, perhaps developed by one of the security agencies, or by a 3rd party cashing in on it.
OTOH one of the security agencies (e.g. the NSA) would much rather waste Garmin than expose that they have the technology to break AES or RSA because that would be the biggest bombshell since crypto was “invented”.
Interesting that Kaspersky (above link) recommend using RDP, given that RDP itself has turned out to be easily vulnerable, unless used over a VPN.
The UAC bypass method here is hilarious! That article is also interesting anyway. I wonder if Garmin got hit via a non-VPN RDP port? That was a recently patched vulnerability.
Oh man, if they could break RSA or AES, a lot of stuff will happen soon in the computer world… Either the NSA got to find the private RSA key by any means or they just paid. $10M is not that big after all for Garmin.
lot of stuff will happen soon in the computer world
Only if the fact becomes public.
The UK GCHQ invented RSA many years before “RSA” did. They just didn’t talk about it.
Yes, if such a thing got out there would be mayhem. But this kind of capability is exactly what these agencies spend taxpayer money on. If GCHQ were unable to read my emails, I would regard them as a waste of public money.
At $10M a pop, there must be a lot of banks involved in money laundering. Well, we knew that.
Peter wrote:
Interesting that Kaspersky (above link) recommend using RDP, given that RDP itself has turned out to be easily vulnerable, unless used over a VPN.
RDP has been improved over time, and it usually is used in combination with a VPN.
I think the general advice, amplified, about using RDP is:
That way the enormous attack surface of the corporate Windows servers is not exposed to remote workers; the attack surface is limited to the RDP service, which is much less vulnerable than the smorgasbord of potentially attackable stuff a Windows server exposes by default.
A huge amount of malware travels by exploiting issues with Microsoft’s CIFS implementation (a lot of known vulnerabilities companies are very slow to patch). Providing nothing except an RDP connection mitigates the enormous attack surface that you’d otherwise have just by allowing people to join the network.
Newer services like MS Always On are very convenient but you better always be bang up to date with your patching of everything, because in that Microsoft monoculture, infection will travel like wildfire. Especially when you consider the insecure networks things like laptops will end up joining.
That’s all sound advice but …
etc…
I have a load of VPNs across the systems I look after and all of them are constantly attacked, all day, all night, mostly from China/Russia, and if this never worked, nobody would bother.
Yes but a VPN that terminates with only one thing on the other end results in a much smaller attackable footprint than a VPN that terminates in an entire network of things that can be attacked. Two factor authentication also helps protect against things like credential stuffing attacks (which is what the automated attacks are attempting).
Terminating the VPN at an RDP server doesn’t stop admins from doing their job.
Automated attacks of various kinds can easily be blocked using something like fail2ban.
E.g. you can set up a rule that bans a host if there are more than X failed login attempts from it. Or ban a host if it tries to access well-known directories that do not exist, like /admin. That gets rid of 99% of the stuffing attacks Peter is referring to above.
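As an added example (not from the thread and not fail2ban’s own code), here is the fail2ban-style logic the last comment describes in Python: count failed logins per host in a sliding time window and ban once the threshold is reached, and ban immediately on a probe of a well-known non-existent path such as /admin. The log lines, the probe-path list and the maxretry/findtime values are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic): sshd-style failed logins
# and web-server probes for directories that do not exist on this host.
SAMPLE_LOG = """\
2020-07-30T10:00:01 sshd[101]: Failed password for root from 203.0.113.5
2020-07-30T10:00:03 sshd[101]: Failed password for admin from 203.0.113.5
2020-07-30T10:00:04 sshd[101]: Failed password for test from 203.0.113.5
2020-07-30T10:00:09 sshd[101]: Failed password for root from 198.51.100.7
2020-07-30T10:00:20 sshd[101]: Accepted publickey for alice from 192.0.2.10
2020-07-30T10:00:25 httpd: 203.0.113.9 "GET /admin HTTP/1.1" 404
2020-07-30T10:30:00 sshd[101]: Failed password for root from 198.51.100.7
2020-07-30T10:30:01 sshd[101]: Failed password for root from 198.51.100.7
"""

FAILED_LOGIN = re.compile(r"^(\S+) .*Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)$")
PROBE = re.compile(r'^(\S+) .*?(\d+\.\d+\.\d+\.\d+) "GET (/\S*) ')
# Constructed list of paths that do not exist here; any request for them is a probe.
PROBE_PATHS = {"/admin", "/phpmyadmin", "/wp-login.php"}

def scan(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: reason} for hosts that would be banned.

    maxretry/findtime mirror fail2ban's jail settings: a host is banned once it
    has `maxretry` failures within any `findtime` window (sliding, so failures
    older than findtime expire), or on a single probe of a known non-existent path.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:
            ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
            window = failures[ip]
            window.append(ts)
            while ts - window[0] > findtime:   # drop failures outside the window
                window.popleft()
            if len(window) >= maxretry and ip not in banned:
                banned[ip] = f"{len(window)} failed logins within {findtime}"
            continue
        m = PROBE.match(line)
        if m and m.group(3) in PROBE_PATHS and m.group(2) not in banned:
            banned[m.group(2)] = f"probed {m.group(3)}"
    return banned

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG).items():
        print(f"ban {ip}: {reason}")
```

Note that 198.51.100.7 escapes the default jail because its three failures are spread across more than findtime; lowering maxretry to 2 (or raising findtime) catches it, which is the trade-off the jail settings control.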