Cybercriminals crippled auto dealership software provider CDK Global with back-to-back ransomware attacks. The result is that car dealerships are turning to paper and pens to perform many of their computerized functions.
The first attack caused CDK to take its two data centers offline, and just as it was recovering from the attack that affected thousands of car dealerships across the United States, the hackers struck again.
The second attack occurred on June 19, again forcing CDK to shut down its systems.
What you need to know about the CDK cyberattack
The cyber attacks on CDK Global not only affected the company but also its thousands of customers and ordinary people who were planning to buy new cars.
CDK Global is a SaaS provider for customers in the automotive industry. It provides auto dealers with software to manage operations such as financing, inventory, administration, payroll, and more. CDK’s services are used by more than 15,000 auto dealers in North America. The company also employs thousands of people.
Chronology of attacks
Cybercriminals attacked CDK twice. The first attack occurred this month and, although CDK Global did not reveal details, BleepingComputer reported that it was related to the company’s always-on VPN.
Car dealers use a special type of always-on VPN connection to connect to CDK data centers. This allows the dealership’s software, installed on its computers, to access the CDK platform. Since CDK’s software has permission to update automatically (with privileges similar to an administrator’s), it makes sense that CDK recommended disconnecting from its data centers during the security incident.
CDK reported having restored some services on June 20 and told CyberGuy that its systems were once again offline due to another cyberattack.
“Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down the majority of our systems. In partnership with external experts, we are assessing the impact and providing regular updates to our customers,” said Lisa Finney, Senior Manager of External Communications at CDK Global.
“We remain vigilant in our efforts to restore our services and get our dealers back to normal operations as soon as possible,” Finney added.
CDK Global announced on June 24 that the breach was, in fact, a ransomware attack, meaning the company’s systems will not come back online until it pays a ransom to the hackers. CDK’s software remains down at the time of writing, and Reuters reported that it will not be back online until the end of June.
Bloomberg reported that a hacker group called BlackSuit is behind the cyberattack on CDK Global, demanding an extortion fee of tens of millions of dollars.
How are dealers responding?
Car dealerships across the United States are feeling the effects of the CDK cyberattack. But some dealers are showing their ingenuity. Employees are taking to social media, like Reddit, to share how they keep things on track with spreadsheets and sticky notes. This allows them to handle small sales and repairs, but for now, larger transactions are on hold.
Big names like Honda, Toyota and Hyundai are closely monitoring the situation to see how much the disruption is affecting dealers. Honda even went as far as to tell affected dealers to use alternative tools and processes to keep business running smoothly while CDK brings its systems back online.
How does the CDK cyberattack affect you?
Auto dealers rely on CDK software to manage various aspects of their operations, including financing and inventory management. When these systems are not working, it can delay the car buying process, impacting those looking for a new vehicle.
If you seek dealer services, such as maintenance or repairs, you may experience delays or interruptions because dealership management systems are offline. CDK software also helps dealers manage financing and leasing agreements. The cyberattack has disrupted these processes, causing delays in customers obtaining loans or leases.
Cybersecurity lessons we can learn from the global CDK attack
The cyberattack on CDK Global is a stark reminder of the vulnerabilities inherent in our digital world and the far-reaching consequences of such breaches. This incident highlights several key security considerations that you should keep in mind:
1. Ransomware awareness and prevention
The revelation that the attack involved ransomware highlights the constant threat posed by this type of malware. It’s a reminder to be vigilant about the security of your personal devices. Here are some steps you can take:
Periodic backups: Be sure to regularly back up important data to an external hard drive or a secure cloud service. This can help you recover your data without having to pay a ransom if your device is compromised.
Update the software: Keep your operating system, antivirus software and all applications up to date to protect against known vulnerabilities.
Email caution: Be cautious with unsolicited emails, especially those with attachments or links. Phishing emails are a common method of distributing ransomware. The best way to protect yourself from clicking on malicious links that install malware that can gain access to your private information is to have antivirus protection installed on all your devices. This can also alert you to any phishing emails or ransomware scams. Get my picks for the best antivirus protection winners of 2024 for your Windows, Mac, Android, and iOS devices.
2. Strong authentication and access controls
While the CDK attack involved always-on VPN connections, the principle of strong authentication applies to you as well. Protect your accounts with:
Two-factor authentication (2FA): Enable 2FA on all accounts that offer it. This adds an extra layer of security beyond a simple password.
Unique passwords: Use unique and complex passwords for different accounts. Consider using a password manager to keep track of them.
3. Incident response and protection of personal data
The prolonged service interruption and its impact on dealership operations highlight the need for you to have your own incident response plan:
Learn your recovery steps: Familiarize yourself with the steps to take if your device is compromised, such as disconnecting from the Internet, running an antivirus scan and restoring from backups.
Protecting personal information: Be careful when sharing personal information online. Use privacy settings on social media and be mindful of the data you share with various services.
4. Periodic security audits
Just as companies need to evaluate their security periodically, you should also:
Review account activity: Periodically review your bank and credit card statements for unauthorized transactions.
Security Settings: Regularly review and update the security settings on your devices and online accounts.
By taking these proactive measures, you can significantly reduce your risk of becoming a victim of cyber attacks. The CDK Global incident is a powerful reminder that cybersecurity is not just a concern for businesses, but also for you and everyone in our increasingly digital world.
Kurt’s Key Takeaways
When a company of CDK’s scale is hit by a ransomware attack, it disrupts the entire market, something we are witnessing right now. Many dealers in the US use CDK Global software, which means their business is at a standstill unless they can find another alternative. The company should work to strengthen its security systems and rush to deal with cybercriminals to minimize losses suffered by dealers.
What role should governments and regulators play in supporting businesses affected by ransomware attacks? Let us know by writing to us at Cyberguy.com/Contact.
Copyright 2024 CyberGuy.com. All rights reserved.