Averting a Garmin-like attack: The Remote Browser Isolation way

Beginning on 23 July, many Garmin fitness band and smartwatch users were unable to sync their wearable devices to the company’s systems for days. It turned out they were not alone. Customers of Garmin’s aviation services, including flyGarmin and Garmin Pilot, were also experiencing outages. Garmin users had never experienced a scenario of this kind before. For people who depended on Garmin for their daily fitness schedule, or to file, amend and close flight plans in the cockpit using an iPad or iPhone, it was no less than a shock. It later turned out that Garmin’s systems were being held hostage by a malicious cyberattack: WastedLocker ransomware, to be precise. It took more than four days for the company to restart services. The attack has not only hurt the company reputationally and financially but has also disrupted the routine of millions of customers.

Garmin’s services began functioning again on Monday, 27 July, four days after the outage began, but they are not yet one hundred percent up. Users can track the status for flyGarmin at https://status.flygarmin.com/ and for Connect at https://connect.garmin.com/status/. The incident highlights the serious threat ransomware poses to organizations across industries, disrupting services that millions of people rely on.

Now the question remains: How do we avoid the collateral damage caused by a ransomware attack?

Embrace the principle of Zero Trust to contain the impact of ransomware

As former Intel CEO Andrew Grove wrote in his book of the same name, “only the paranoid survive”: a perpetual state of concern is beneficial to the security of an organization. We need to understand that Garmin-like ransomware attacks are becoming ubiquitous and are a high possibility in today’s interconnected world. An Emsisoft report underscores that at least 966 US governments, healthcare providers and educational establishments were hit by ransomware in 2019, at a cost of $7.5 billion.[i] Hence, “suspect everyone, trust none” must be the premise on which your security strategy is built. Zero Trust security methodologies do just this by operating under a policy of “never trust, always verify,” thereby ensuring no unauthorized access is ever granted to the endpoint or network. By implementing a solution based on the principles of Zero Trust, organizations can minimize the risk.

Zero Trust focuses on reducing the attack surface and impact using various technological approaches such as identity validation, privilege management, and endpoint isolation.[ii] First introduced by Forrester analyst John Kindervag in 2010, the Zero Trust approach secures against all attacks, both external and internal, treating every interaction with the endpoint or server as a threat.[iii]

By incorporating the right Zero Trust solutions into an organization’s security strategy, as stated in Cyberinc’s whitepaper ‘Zero Trust: Reimagining Security for the Financial Services Industry’, it becomes possible to secure entire portions of your attack surface by closing the entry point to threats.

Remote browser isolation to prevent Garmin-like outages

To prevent Garmin-like attacks, it is important to seal the biggest gateway that brings viruses and malware into your system and then lets them move laterally across your network. In 98% of these attacks, that gateway is none other than the web browser.[iv] That means organizations can prevent 98% of attacks if they protect their browser activity. A simple and effective way to provide browser security is through Remote Browser Isolation (RBI). RBI contains browser activity inside an isolated environment (Zero Trust). RBI fetches, executes, and renders all elements of a page away from the user’s device, effectively protecting against WastedLocker-like ransomware attacks and sparing organizations all the headaches: monetary losses, lawsuits, regulatory action and reputational damage.

The SANS Institute, in its report,[v] also explains that remote browser isolation is critical to any organization’s cybersecurity program for one key reason: almost all work performed today requires use of the browser, especially with current remote workforce models and heavy reliance on the cloud, and attackers focus on the browser as one of the biggest, and potentially most vulnerable, attack vectors.

While Garmin took four days to crawl back to business from the cyberattack, it is highly likely that it will take months to reestablish the same trust among users. When your motto is “Wheels up, as quickly as possible” but your service is down for four days, customers may think twice before recommending your service. Organizations can minimize the risk by simply embarking upon the Zero Trust journey.

Onkar Sharma

Principal Specialist – Content Marketing, Cyberinc