Swn53

From Security Weekly Wiki

Security Weekly News Episode #53 - July 28, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. QSnatch Malware, ShinyHunters, & DEF CON Safe Mode - 02:00 PM-02:30 PM


Description

This week, QSnatch, dave.com, ShinyHunters, a quantum internet, government tyranny, and DEFCON! Jason Wood returns with Expert Commentary on A Cyberattack on Garmin Disrupted More Than Workouts!


Hosts

Doug White's Content:

Articles

  1. QSnatch Malware.
  2. Cisco has another 10/10 flaw in FTD/ASA.
    1. CVE-2020-3452
  3. NSA and CISA warn about Triconex Flaw that can lead to shutdown of safety systems in infrastructure OT.
    1. CVE-2020-7491
  4. dave.com leaks user data.
  5. ShinyHunters offer 26 million stolen accounts on the Dark Web.
    1. Credential Stuffing Op-Ed
  6. Source Code from major corporations leaked via unprotected DevOps.
  7. US creates plan for Unhackable Quantum Internet.
  8. Congress summons heads of Tech Giants in dark ritual.
    1. US tries to pass bills that would basically force backdoors into encryption.
  9. Twitter God Panel was used previously to spy on celeb accounts before the bitcoin hack.
  10. DEFCON is happening virtually.

Jason Wood's Content:

Articles

A Cyberattack on Garmin Disrupted More Than Workouts


When I say the name Garmin, I suspect the first thing that crosses your mind is either a fitness tracker or GPS devices that few people use any more. Times have changed though, so the ransomware attack that has hit Garmin affected far more than you might initially think. A couple of the offerings that were affected could have had some fairly severe impacts. So what happened and why was it a bigger problem than not being able to track your last few runs?

The news is still pretty thin and I should point out that I have no knowledge based on what is publicly available. In a nutshell, Garmin is reported to have been hit by the WastedLocker ransomware. Garmin has only said that data was “encrypted on some of our systems on July 23.” If you check out the post they made yesterday, you can see a description of services that were unavailable, recovered, or not impacted. Garmin states that no customer information was accessed by the attackers.

Fortunately for Garmin, their statement that none of their data was stolen by the attackers appears to hold up with what we know about WastedLocker. There has been a move in the ransomware world for the actors to copy data to their servers and use the threat of public release to get the victims to pay out. WastedLocker does not use this tactic at this point. The ransomware is operated by a group labeled “Evil Corp.” Apparently, the US Treasury put sanctions in place against Evil Corp at the same time that prosecutors released a 10-count indictment against the alleged leader of the group. I really want to know what the reaction of someone in Treasury was as they processed this paperwork. “Hey boss, are we going after Dr. Evil and Mr. Bigglesworth too?”

Anyhow, let’s get back to the ransomware attack. The attack not only took out the ability to log a workout, it also prevented general aviation pilots from filing flight plans with the FAA using their services and the ability to pull down charts to aviation navigation equipment. According to some reports it also would have inhibited the use of hardware in the aircraft. I was particularly interested in how this would impact things like flight navigation, auto-pilot, and their new AutoLand functions. The AutoLand is a bit spooky as it is supposed to allow an incapacitated pilot or a passenger to tell the plane to communicate with flight controllers and automatically land an aircraft. This is still in the early phase of release and it is only in a few planes. It would be pretty freaky to find out that wasn’t working during an emergency.

Garmin also has marine equipment and software offerings. One of which allows ships to set the parameters of their ship’s size and depth profile, then automatically plot a course through waters safe for them. I haven’t heard if this system had trouble, but it would suck to be in a ship depending on it if it was. To be honest though, both ship captains and pilots are trained not to depend on these systems solely. There are fallback systems and they are meant to aid a person in their roles, not replace them. Except for that AutoLand thing. That is designed to step in for a pilot for a very short period of time.

The interesting thing about this incident is that it illustrates some unexpected impacts that could occur. As we continue to put more of these systems into how we function and expect to do things, it can really throw things off when things go wrong. In this case, it impacted flight operations to some extent and prevented some planes from leaving the ground due to out-of-date charts. Now I’m just curious to hear if Garmin paid up or was able to recover on their own.


https://arstechnica.com/information-technology/2020/07/garmans-four-day-service-meltdown-was-caused-by-ransomware/

https://www.garmin.com/en-US/outage/?zebratwo=CJ&cjevent=e21bc9aed0f711ea809700940a1c0e0c&utm_source=CJ&utm_medium=Text