Ransomware attack on Garmin teaches new lessons

Garmin, the GPS technology and wearable device manufacturer, has reportedly been hit by WastedLocker ransomware in a cyberattack demanding $10 million to release its data. WastedLocker, thought to be tied to the Russian cybercriminal group Evil Corp, was identified by Malwarebytes in May of this year. As of now, Garmin is the only known victim; however, Evil Corp has a history of attacking financial institutions around the world. The attack has affected consumers who use Garmin GPS technology, such as maritime, wearable GPS, the Garmin Connect app, and aviation customers who use the database services. Also, all of Garmin's call centers are shut down. As a result of this cyberattack, Garmin is reported to have shut down its website, its apps, some of its production lines, and databases, including work from home (WFH) employees' computers connected through a VPN, in an attempt to stop any further spread of…

The Twitter Breach: What you should know.

Throughout the evening, Critical Path Security was made aware of an attack on high-profile users of Twitter. This attack was used to facilitate the generation and collection of Bitcoin and other cryptocurrency revenue. At this time, all indications point to this attack being one of unauthorized access to an internal management toolkit. The screenshots of this toolkit are shown below. What is undetermined at this time is whether an internal employee was part of this attack. The following statements were made by the criminals to the Motherboard publication. "We used a rep that literally done all the work for us," one of the sources told Motherboard. The second source added they paid the Twitter insider. What is clear is that the security around administrative tools at Twitter was insufficient for the risk they accepted by providing a social media platform to over 330 million accounts, including most of the 10…

Léargas Security adds new COVID-19 and Work From Home security support!

Léargas Security has launched its most recent upgrade of Collector, a built-in feature of its Léargas SIEM platform, designed to bring comprehensive visibility into leaked data, given the increase in businesses operating in the work from home (WFH) era. Léargas Collector employs a vast array of scrapers, bots, and crawlers. Collector currently monitors over 22,000 TOR sites, social media, IRC, forums, and paste sites and continually extracts data for further investigation. Once an artifact is initially processed, NLP deep learning algorithms work to classify text and sentiment. All of that data is correlated and delivered to the platform. An important note is that the platform now records and stores portions of the artifacts collected, on both the public web and the dark web, that Léargas believes are relevant to our clients as well as our mission to stop violent threat actors and prevent COVID-19 crime. Due to the shortened average lifespan…

New security vulnerabilities set off a ripple of security problems in millions of devices

Security researchers recently disclosed that they have discovered a handful of game-changing vulnerabilities that spell disaster for multitudes of connected devices. This past week, security company JSOF unveiled 19 CVEs, four of them critical remote code execution flaws, in a low-level networking software library that renders millions of devices vulnerable to exploitation. The researchers have labeled the set of vulnerabilities Ripple20 and have stated that the bugs will enable attackers to take control of internet-facing devices. Unfortunately, these vulnerabilities could lie dormant for years without the consumer becoming aware of them. As we've experienced with similar vulnerabilities, we expect these bugs to be leveraged in widespread attacks, such as the Mirai botnet, or used as pivot points into corporate and home networks. Critical Path Security and Léargas Security have partnered to deliver Suricata and Zeek detections to protect customers. Additionally, all Suricata rules will be updated and made available to…
