Jump to content

Garmin Down For Maintenance

Kom

By Kom
in Technical Q&A

 Share

Recommended Posts

  • Replies 242
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Wayne pudding Mol

Wayne pudding Mol

Posted

I also have a pre-BMW V8 Defender. Also cost not much, also drinks a lot.

 

But it has a simple motor without any electronics beyond a distributor and I can fix it....

and where is it parked now and why? :whistling:

Link to comment
Share on other sites
ChrisF

ChrisF

Posted

FLYGarmin is back online flygarmin.com

Jip.

 

Sounds like the functions are coming back on line one at a time ...

Link to comment
Share on other sites
Rocket-Boy

Rocket-Boy

Posted

My dad drives a 1988 Land Rover Defender V8, and every time someone in a new, efficient diesel gives him the same schpiel he always replies with "The Landy only cost R60k. I can buy a shitload of fuel with the R400k change I have from not buying a Fortuner".

My brother said the same thing about his Landy, then fuel prices shot to R15+ and he realized that paying R800 to drive 300km wasnt what he wanted anymore.

That car was awesome to drive though.

 

Then again its probably because I fill up every 3 odd months being in a permanent work from home position  :whistling:

Link to comment
Share on other sites
Rocket-Boy

Rocket-Boy

Posted

I'll give you an example of my company's dilemma when it happened.

 

The servers that the data was on were shutdown, immediately - that means we were unable to operate from that minute going forward. These were then formatted after the restore process on other servers were completed, and restored a few weeks later.

 

In the time between the existing servers being shutown and "repaired", software had to be loaded on other servers, eg. ERP system, Exchange server, and all the other 3rd party apps that were used (74 different apps). Once that was done, they had to test the integration between multiple servers and the apps we use, using a small amount of data. Once the testing was done, the backups could be restored - I don't know all the ins-n-outs, but I heard enough to understand the basics.

 

I'm not sure how Garmin would work, but I'm sure they would have a similar dilemma... have to reload everything from scratch.

 

edit: grammar

Yup it sounds about right.

I get involved in security incidents fairly often from an investigation perspective.

In our environment we run both Qualys and Crowdstrike on all servers. Qualys does vulnerability management and Crowdstrike is a bit of a hybrid intrusion detection system/AV software.

 

The normal route an attack like this takes place(the same happened to Twitter recently) is that they will spearphish a known target in the organization and socially engineer their way through them.

Then its a case of establishing a repeatable entry method in a few locations and an investigation of the network and servers. 

At this point on a high profile network there should be a bunch of "honey pots" which are servers that exist for the sole purpose of finding out if anyone is in your network. There should be no activity on those servers at any point, so if something happens on them it trips an alert.

Back to the "hackers" they will often use really basic tools to try and elevate permissions and then start encrypting if their software is allowed to run...

 

Most servers would be virtualized these days so backups can be in the form of bare metal for the entire server layer of OS/apps/data. The backups can also be just data and config if its quick enough to spin up a new server and install the basics before restoring.

 

To me though the bottom line is that it shouldnt have happened. Some security people are going to be sweating pretty hard through the hearings that follow this incident.

Link to comment
Share on other sites
Pieter-za

Pieter-za

Posted

To me though the bottom line is that it shouldnt have happened. Some security people are going to be sweating pretty hard through the hearings that follow this incident.

How will you implement a defensive strategy against WastedLocker? 

Link to comment
Share on other sites
Stretch

Stretch

Posted

 

 

.

 

To me though the bottom line is that it shouldnt have happened. Some security people are going to be sweating pretty hard through the hearings that follow this incident.

We are a multi national GPS company also in some pretty important sectors.... I'm wondering if our IT team is sweating bullets... Pretty sure they are

Link to comment
Share on other sites
Ozzie NL

Ozzie NL

Posted

Im wondering why everything hasnt been restored from backup yet.

Did their SAN's get infected too? Most have a hardened Linux based kernel so its unlikely to be the case.

Were they not backing up all of the core systems?

Or is it the age old "we have backups" until you try restore from them and find they dont actually work.

Hardened Linux based kernel......can you serve that in digestible chunks?

Link to comment
Share on other sites
DieselnDust

DieselnDust

Posted

Hardened Linux based kernel......can you serve that in digestible chunks?

 

sounds like a vegan computer

Link to comment
Share on other sites
fanievb

fanievb

Posted

We are a multi national GPS company also in some pretty important sectors.... I'm wondering if our IT team is sweating bullets... Pretty sure they are

 

i just know we will be getting questions from our non-execs this week.

 

"will you be ready if something happens to us?"

Link to comment
Share on other sites
Rocket-Boy

Rocket-Boy

Posted

How will you implement a defensive strategy against WastedLocker? 

It has to be a multi-phased approach.

Firstly all filesystems should already be encrypted to begin with, secondly the flow of data should be segregated with very specific permission sets.

In terms of deployment tools for something like WastedLocker the payload gets deployed via SocGholish or Cobalt strike(or a combination) Having something like Crowdstrike will prevent them and the rest of the tools from executing, it will also alert and block traffic to the servers if setup correctly.

Most of these companies are not using a Privileged Access Management(PAM) system but that would go a long way to both limiting damage and providing traceability on the actions performed on the affected servers.

 

With all of the zero hour vulnerabilities for sale on the darkweb its not always possible to prevent intrusion but the design of the systems should cater for that.

Unfortunately very few devs consider security when writing systems so the controls are not always in place.

Link to comment
Share on other sites
Rocket-Boy

Rocket-Boy

Posted

If you still have to do bare metal restores with todays tech you should not be in IT at all.

I agree its not always necessary but sometimes its the fastest way to get back online.

Ops teams and security teams generally have different and sometimes conflicting objectives so Im sure a full rebuild was what took place with Garmin.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
Buy & Sell Forums Events News Stolen Bikes
Latest Ads Create Ad

All Categories

Cycling Industry Jobs All Categories

Bikes

Mountain Bikes Road Bikes Electric Bikes Triathlon & Time Trial Bikes Gravel & Cyclocross Bikes Commuter Bikes Kids Bikes Track Bikes Fat Bikes Tandem Bikes BMX Bikes Vintage Bikes Unicycles All Bikes

Electric Bikes

Mountain E-Bikes Road E-Bikes Commuter E-Bikes E-bike Frames & Parts All Electric Bikes

Frames

MTB Frames Road Frames Triathlon & TT Frames Gravel & CX Frames All Frames

Components

Drivetrain (Gears) All MTB Components All Road Components MTB Groupsets Road Groupsets Forks Rear Shocks Brakes Handlebars Stems Saddles Seat Posts Dropper Seat Posts Pedals Power Meters Vintage Components All Components

Wheels & Tyres

Complete Wheels Road Bike Wheels MTB Wheels Gravel Bike Wheels Rims Hubs Road Tyres MTB Tyres Gravel Tyres All Wheels & Tyres

Accessories

Electronic Gadgets Computers & GPS Watches & Wearables Bike Racks & Trailers Indoor Trainers & Accessories Kids Seats & Carriers Hydration & Bottles Bags & Backpacks Workshop & Tools Safety & Bike Protection Nutrition & Body All Accessories

Clothing & Apparel

Shoes Helmets Eyewear Jerseys Lycra Shorts Baggy Shorts Jackets Trisuits & Wetsuits Gloves Protective Gear Other Apparel All Clothing & Apparel

Events & Services

Event Entries Accommodation & Tours Shuttles & Bike Transport Cycling Industry Jobs Bike Services & Repairs Bike Fitment, Coaching & Training Bike Rentals Other Services All Events & Services
Sell on Bike Hub
Active Topics

Forums

General The Bike Room Sponsored
New to Cycling Ask Anything What Bike to Buy?
Gear & Bikes Tech Q&A Buyers Advice New Gear Post Your Bike & Projects Bike Shops & Services Retro / Vintage Bikes
Events & Training Events Pro Cycling Training, Health & Nutrition
Riding Group Rides Routes & Trails Share your Ride & Travels Gravity Commuting Multisport
Safety & Awareness Stolen Bikes Cycling Safety Fraud Alert Lost & Found Good Causes
Off Topic Chit Chat
Create a Topic Search Forums
Tech Events & Industry News Adventure & Travel Tips & Advice Promotions View all
Upcoming Events Create Event

All Event Categories

Browse by Category Mountain Bike Gravel Road Multisport General and Industry
Browse by Province Gauteng KwaZulu-Natal Free State Mpumalanga Northern Cape Western Cape Eastern Cape Limpopo North West International
Guest
Settings
    • My Forum Content My Followed Content Forum Settings
    • Ad Messages My Ads My Favourites My Saved Alerts My Pay Deals
    • Help Logout