• Suspected Ransomware Attacks Garmin

    In today's day and age, everything is managed online and all the data is also stored online. Whatever we do, be it booking a table for dining out, or making an online transaction for some money to be sent to one of our friends, it is all done online. While doing any activity, every website keeps a track of the data transferred by us. These are the little footprints we leave behind when we do some activity online. This is generally the data regarding our identity and the device/browser we used, and also the mode of transaction we used to complete that activity. And most of us also think that there's nothing very important in the data transmitted by us. I have always pressed the issue of the importance of cyber-security on my blogs and with this, I intend to educate as many people as possible to that people could understand the importance of data and try to keep it as safe as possible.


    Just a day ago, a major avionics manufacturer, Garmin was attacked by a ransomware. This is not a confirmed news, but sources say that a leaked email had a piece of information about the organization getting attacked by a ransomware. Garmin also tweeted yesterday that they are experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down. They also tweeted that their customer support centers are down too for the time being. Very recently, Twitter was also attacked by some cryptocurrency enthusiasts and they used the accounts of many celebrities asking for a donation. But the question arises, what is ransomware?


    Ransomware is malicious software that may transmit into a computer system through infected emails, attachments, and files. It usually attacks its victims, by tricking them that their system has suffered a data breach, and to get a hold of the data again, they need to make a payment some money to get it accessible again. Ransomware also sometimes lock a user out of their system by locking the screen with the help of a password set up remotely or encrypting the data which was in such a system, so that they could disable the user from getting the access to his data.


    Why is Ransomware a threat? I am writing this blog because just a day before Garmin's app to assist pilots got attacked by one such ransomware. It blocked the pilots' ability to file for a flight plan, and the entire website, Flygarmin was down blocking the pilots to access it. Garmin's Connext Services were also down, resulting in the outage of the weather data, CMC and position reports.


    Criminals are targeting more and more large corporations and I think that is because of the availability of large chunks of data. Very recently, car manufacturer, Honda was also attacked by one such ransomware. Attackers also misrepresent themselves as customer support services such as DHL, FedEx, or UPS, which can further intimidate the people into paying up a sum of money to get their data safe.


    There are many ways you can keep your data safe. One such way is by installing the security updates of the operating system regularly. Users may also protect their system by using a good quality anti-virus or anti-ransomware software, which are easily available in the market and are easy to install too. You should also have your IT team secure your firewalls so that they may protect the system from any potential attack. Lastly, it is very important to take regular backups of personal and official data so that no one can trick you into paying to get access to your data.


    How does Absolaw help? Absolaw can help the people who have suffered or might have suffered a data breach by examining the documents about such individuals and compiling a notification list of the data points which might have suffered a breach too. We, at Absolaw, understand the importance of personal data and concur with the GDPR elements, so that a good quality notification may be ensured.


    On a broader note, I hope the situation with Garmin gets resolved soon and all the services associated with it will be up and running soon. I also hope that the young generation should start taking the importance of personal data more seriously, so that they may prepare themselves on how to protect any such data, both offline and online.

  • The Twitter Fiasco

    It is all over the news from the past few days on how the accounts of some of the most prominent users on Twitter were hacked by some Bitcoin enthusiasts. While we sit behind our computers and smartphones, using some form of social media daily, we usually feel that our privacy and the data we share over the internet is safe. But this incident has yet again uncovered all the loopholes a typical social media website might have with the systems meant to protect your data. And even after that, these corporations claim that they have the necessary systems in place to protect our Personal Data.


    When we talk about social media, we get a picture in our mind which is usually limited to Facebook, Instagram, and Twitter. Some people say YouTube also, but it's not a social media rather a video sharing platform. Netizens enjoy spending time over social media. Sharing locations on Facebook to sharing moments on Instagram and ranting about government policies on Twitter, this has all become a daily routine for us. But in this process, we often forget how easily we are risking all our data and letting big corporations judge us based on numbers and personal choices.


    I wrote a blog about how Twitter has become a major player in the social media arena in the past decade standing beside Facebook and Instagram. I wrote that blog to commemorate the 14th birth anniversary of Twitter. Little did I know, the time I was writing the blog, some people would have been very busy in breaking into, what might be one of the sophisticated computer networks in the world. Hackers broke into the systems of the employees of Twitter and tweeted from some of the most influential people of the world, saying that they are feeling generous and will double the amount which is sent to their bitcoin accounts. Individuals such as Jeff Bezos, Barack Obama, Elon Musk, Kanye West, Kim Kardashian, Joe Biden were among the few whose accounts were hacked.


    Twitter instantly took action when it realized that something has gone wrong, and by action I mean it temporarily suspended the accounts of all these individuals and many others, who all had a 'Blue Tick' i.e. a verified account on Twitter. Twitter has said that it has fallen prey to a well-coordinated social engineering attack on its systems. But during this entire fiasco, the flaws in Twitter's systems were brutally revealed. And this is not the first time Twitter has got exposed to such humiliation.


    Back in 2017, a disgruntled Twitter employee deactivated Donald Trump's account for a few minutes. Last year, a few of Twitter's employees were accused of spying on the government officials of Saudi Arabia. It shows how the internal systems of Twitter might be flawed and how some people might take advantage of it in the future.


    The major concern here is not how some social engineers took advantage of the lackluster security at Twitter, but how this system could be influenced and used in someone's favor in the elections. The US is on the verge of a major election and social media plays a huge role in forming the opinion of the voters. Twitter is one of the social media platforms which is known for the presence of all the celebrity politicians, journalists, and a large user base. There is a major concern of another Cambridge Analytica kind of a targeted campaigning taking place, and this time with the help of Twitter's weak security.


    The question is why Twitter hasn't been able to update its internal systems and make them strong against the attacks by hackers. Twitter is funded by Elliott Management and there sure goes a lot of money in funding the research and development departments there. According to sources, a rough amount of around $700 Million was spent last year for this purpose, so that they may train its people against such attacks. Twitter's competitors, Facebook, and Instagram have hugely succeeded in the quest of making their systems hard to break into. Not just that, Facebook had also exponentially surpassed Twitter in terms of ad technology and is minting money with the help of ads on its networks and on the other hand, Twitter has failed to take advantage of its massive user base and turn it into an ad market to make more profits. Sure the investors would not be very happy after all such money spent into R&D and witnessing an attack of this magnitude.


    Twitter should understand the need of the hour and build a rock-solid fortress with its computer networks so that they may become impossible to break into. This will help it to retain its existing user base and it would also become attractive for new users who might want to join Twitter in the future. It would also spare Twitter some of this humiliation going forward and would make it a lucrative option for the customers to show their ads on. Elliott should also take charge of the situation now so that such incidents could be avoided in the future.


    In my opinion, it was a small social engineering attack where the hackers only wanted people to deposit cryptocurrency into their accounts. Had it been something that has the potential of starting a war, the situation would have been even worse. I will write another blog on how our data which we share on various social media platforms is not invulnerable these days.