Garmin Connect outage

Well, actually you’re backing up the virus. Which is usually part of the plan.

1 Like

Yes, and no. Depending on the set up. And with cloud vendors decrying the need for backups for many years, nothing would surprise me. I looked a Microsoft CISO in the eye once and said “You know replication is not backup, right?” and he didn’t even blink. :sweat_smile:

Most major/traditional businesses would have offsite backups/archives you can recover the data from. Cleansing/rebuilding the whole infrastructure to receive the restored data is another matter.

2 Likes

Everyone has a DRP, everyone claims it’s impossible to really test it, everyone claims they’ve piece-meal tested it so it’s all good.

Until shite happens.

There’s usually a pretty serious DRP review exercise the month after.

4 Likes

Well, “luckily” the modus operandi is fairly well known. That’s not to say it doesn’t change or adapt, but this is a business for them - they know what gets them the most money stolen. In the old days it was a bit of a free for all and harder to manage risk as a consequence. This is more of a known quantity.

You’re still scuppered though, if you have neglected infosec and infra.

1 Like

Why indeed!

I can’t remember how many times I’ve asked that question or similar, nor the number of weird and wonderful answers you get. It usually boils down to funding and resource availability.

What do you define as “prod storage”? Production is but one contributor and user of MRP/ERP data.

I guess it means whatever people want them to be.
In my experience, prod storage is where the customer data is.
No development, or anything that is not related to the actual use of the data, should be using that storage.
In the case of Garmin: the data the users produced, and only services associated with Garmin Connect should access that storage area.

1 Like

Ah - I read it as “production data”, which for a manufacturing guy like me is all the data required to manufacture and test (hence the core of the MRP).

Yes. That’s also production data.
Should be separated from consumer prod data.
But somehow the virus affected ALL of Garmin.

Part of the “all of Garmin” effect results from shutting down everything to stop the infection.

Kinda like a lock-down, you know? Then come the re-openings, and the masks.

3 Likes

Fair. Could be that. Or could be that all of their systems are interconnected.

Garmin was not infected a week ago.
It takes a long time to encrypt enough data for this scheme to work. IIRC, I read somewhere that the virus would encrypt small portions of your data, making the system slower and slower, but at a rate you would not notice at first… then BOOM…locked out.

As for it happening again, this will depend on how this started. If Garmin thought they were already safe then it could happen again. They should explain how this happened.

Did it start from an email attachment a user opened, or did they come directly from the outside via an unpatched system or public facing RDP server they didn’t know existed?

As you say these attacks can happen to any company. Risk can be reduced, but I can tell you from personal experience that companies have no idea what assets they own and whether they are patched or protected with security software. There are so many ways this could have gone wrong once the attackers had access.

2 Likes

Complexity is the enemy of so much in life and business, and certainly in security.

This isn’t a driveby, as posted above it’s a targeted attack by people with the skills, experience and funds (and now it seems even more funds) to make it hard to defend against. If one avenue of attack doesn’t work, they’ll try others. Defence in depth will help.

You say it is targeted, and although I agree it most likely is, it would be very embarrassing for Garmin if this turned out to be a driveby of a 3rd party supplier that had access to the Garmin network and it came in that way. MSP attacks are a dream for these guys. They hit someone small and then find they have hit the jackpot with access to other networks.

Garmin need to be transparent. Either way it is embarrassing at the very least.

Well my rides are syncing, but trainerroad workouts are not syncing yet for me to connect. Something I can do to force it? I did a re-authorize already in tr.

I think it is just a backlog issue. I had a swim sync yesterday morning but neither of my evening workouts have come through yet.

1 Like

It’s really difficult, you may be as secure as you can be and patch regularly but if for example your remote access gateway has a vulnerability and the supplier only releases a patch ‘after’ it is exploited then you are exposed.

Also, if you use a system that is critical to the operation of your organisation, and have for a number of years, you are beholden to the supplier ensuring that they update their product regularly, and I can tell you in health it is a nightmare trying to get suppliers to keep their products up to date…we are constantly managing clinical risk v cyber exposure.

Phishing attacks during the covid-19 crisis jumped by a huge amount, health tech and health providers were (are still) deliberately targeted at a time when they are under huge pressure and therefore seen to be an easier target, or one with information that can be leveraged.

1 Like

From Garmin’s status page:

Workouts - Limited:

  • Workouts can be created in Connect Web and Mobile but are currently not syncing to devices.
  • Third party Workouts sent through the Training API will be queued to sync.
1 Like

I’m downloading a massive maps update as it is well overdue. If it fails I’ll just go to openmaps directly

This morning on my PC I was still getting the message that Garmin was down. I cleared my cache and Garmin was back. I did this on my Android phone with Garmin Connect. I had the same message that Garmin was down with no explanation, cleared the cache, and while I still did not connect, the message changed to they are working the problem and will be up soon.