Our Cyber Security Colloquium on 18 June 2020 is in the past. Nevertheless, the topic is more relevant than ever. The possible extent of a cyber attack was demonstrated again about a month later, on 23 July, when the smartwatch manufacturer Garmin was affected. What happened, and how did the company extricate itself?
The attack used ransomware called “WastedLocker”. It attacked and blocked services such as “Garmin Connect” for sports and health and “flyGarmin”, software for pilots. As is often the case, the hackers demanded a ransom to restore the data. The sum in question is said to have been 10 million US dollars. When the first users complained about the outages, the company initially passed them off as “maintenance work”. Later, Garmin admitted what had happened. The services and the company’s telephone exchange were blocked for about 24 hours. The hacker group “Evil Corp” was probably behind the attack.
The block was probably ended by paying the million-dollar ransom to the hackers. In the worst case, however, the US government could additionally impose a fine. The US government has sanctioned both Evil Corp and WastedLocker. Accordingly, no business transactions are allowed between the perpetrator and the victim, and that includes the ransom payment.
Contrary to expectations, a hacker attack like this is unfortunately not an isolated incident. Most of the affected companies do not disclose such incidents, for fear of damaging their image. Unaffected companies increasingly make the mistake of assuming that they will not be attacked by hackers because they are “not an interesting target”. The word “interesting” plays an important role here, because in most cases a hacker is not the least bit interested in the company he is attacking. Often he does not even know which company he will “catch”, as the selection is made randomly by the programme. The programme “fishes” until a company “bites”.
At our Cyber Security Colloquium, we were able to catch a glimpse of both the perpetrator’s and the victim’s perspective. Gerhard Klein was also the victim of a hacker attack in 2018 with his printing company and told us openly and honestly about the associated business and, not least, health consequences.
In order to understand how a hacker proceeds and how he exploits typical security gaps, Martin Wundram gave us an impressive insight into the thought processes of a hacker. To demonstrate all this in a legal way, he hacked a fictitious quarry company live and then gave useful tips on how to prevent such an attack.
Here you can access the overview of our colloquium and the videos of all our speakers.
Do you have questions about cyber security or would you like advice? Please feel free to contact us:
Dr. Klaus Wörsdörfer
horst weyer und partner gmbh
Düren | Deutschland
+49 (0) 2421 69091-0