Cybercriminals crippled auto dealership software provider CDK Global with a series of ransomware attacks, forcing auto dealerships to switch to pen and paper for many of their computerized functions.
The initial attack knocked two of CDK’s data centers offline and had just begun to recover from the attack that affected thousands of car dealerships across the U.S. when the hackers struck again.
The second attack occurred on June 19th, again forcing CDK to shut down its systems.
For security alerts and expert tips, sign up for KURT’s newsletter, The Cyberguy Report.
BMW car dealer (Kurt “Cyberguy” Knutson)
What you need to know about CDK cyber attacks
The cyber attack on CDK Global not only affected the company, but also thousands of customers and members of the public who were planning to buy new cars.
CDK Global is a SaaS provider for clients in the automotive industry. The company provides auto dealerships with software to handle operations such as financing, inventory, back office, and payroll. CDK’s services are used by more than 15,000 auto dealerships across North America. The company also employs thousands of people.
Click here to get FOX Business on the go
Attack timeline
Cybercriminals have attacked CDK twice. The first attack took place this month and, although CDK Global did not provide details, Bleeping Computer The company reported that the issue was related to its always-on VPN.
Car dealers use a special always-on VPN connection to CDK’s data centers, which allows the dealer software installed on the dealer’s computers to access CDK’s platform. CDK software has permissions to update itself automatically (e.g., administrative privileges), so it’s no surprise that CDK recommended disconnecting from its data centers in the event of a security incident.
CDK reported some services were restored on June 20, telling CyberGuy that another cyberattack had taken its systems offline again.
“Late in the evening on June 19th, we experienced a further cyber incident and proactively took down the majority of our systems. We are working with third-party experts to assess the impact and providing regular updates to our customers,” said Lisa Finney, senior external communications manager at CDK Global.
“We remain committed to restoring service and getting our dealerships back to business as usual as quickly as possible,” Finney added.
CDK Global announced on June 24 that the intrusion was actually a ransomware attack, meaning the company’s systems would not come back online until it paid the hackers a ransom. CDK’s software remained down as of this writing, Reuters reported. It won’t be back online until the end of June.
Bloomberg reported A hacking group known as BlackSuit is said to be behind a cyber attack on CDK Global and is demanding tens of millions of dollars in extortion payments.
BMW car dealer (Kurt “Cyberguy” Knutson)
Confidential patient information exposed in data breach at major pharmaceutical company
How are dealers responding?
Auto dealerships across the US are feeling the pinch from the CDK cyberattack, but some are getting smarter. Employees are using social media to Like Redditsharing how they’re keeping things moving with spreadsheets and sticky notes, which allows them to handle smaller sales and repairs, but has put larger deals on hold for now.
Major manufacturers like Honda, Toyota, and Hyundai are closely monitoring how much the outage is affecting their dealerships, with Honda going even further, telling affected dealers to use alternative tools and processes to keep operations running smoothly until CDK can bring its systems back online.
Massive free VPN data breach exposes 360 million records
How does the CDK cyber attack affect you?
Car dealerships rely on CDK’s software to manage many aspects of their operations, including financing and inventory management. If these systems go down, it could slow down the car-buying process, affecting people looking to buy a new car.
Getting services like maintenance and repairs from dealers can be delayed or interrupted because the dealer’s management systems are offline. CDK’s software also helps dealers manage financing and lease agreements. The cyber attack has disrupted these processes, causing delays in securing loans and leases for customers.
Toyota dealer (Kurt “Cyberguy” Knutson)
Ticketmaster data breach exposes data of 560 million customers, IT group says
Cybersecurity lessons learned from the global CDK attack
The CDK Global cyberattack is a stark reminder of the inherent vulnerabilities in our digital world and the far-reaching impact such a breach can have. The incident highlights several important security considerations that should be taken into account:
1. Ransomware Recognition and Prevention
was found to have been involved in the attack Ransomware This highlights the ongoing threat posed by this type of malware and serves as a reminder that you need to be vigilant about the security of your personal devices. Here are some steps you can take:
Regular backups: Back up important data regularly External Hard Drive or Secure Cloud ServicesThis allows you to recover your data without paying a ransom if your device is compromised.
Update your software: The operating system, antivirus software, and all applications Latest To protect against known vulnerabilities.
Email Note: Be on guard spamEspecially those that include attachments and links. Phishing emails It’s a common method of distributing ransomware, and the best way to protect yourself from clicking on malicious links that install malware that may access your personal information is to install antivirus protection on all your devices, which will also alert you to phishing emails and ransomware scams. We’ve handpicked the winners of the best antivirus protection of 2024 for Windows, Mac, Android and iOS devices.
Click here to read more US news
2. Strong authentication and access control
Although the CDK attack involved an always-on VPN connection, the principles of strong authentication still apply to you. Protect your accounts by:
Two-factor authentication (2FA): To enable 2FA All accounts offered provide an additional layer of security beyond passwords.
Unique Password: Use unique and complex passwords for your different accounts. Password Manager To keep track of them.
3. Incident Response and Personal Data Protection
The extended outage and its impact on dealership operations highlights the need for unique incident response plans.
Know the recovery steps: Make sure you understand the steps to take if your device becomes compromised (such as disconnecting from the internet). Run a virus scan and Restoring from a backup.
Privacy of Personal Information: Be careful when sharing personal information online: use your privacy settings on social media and be mindful of the data you share with different services.
4. Regular Security Audits
Just as businesses need to regularly assess their security, they also need to:
Check your account activity: Regularly check your bank and credit card statements for fraudulent transactions.
security settings: Regularly review and update the security settings on your devices and online accounts.
Taking such proactive measures can significantly reduce the risk of becoming a victim of a cyber attack. The CDK Global incident is a stark reminder that cybersecurity is not just a concern for businesses, but for everyone living in an increasingly digital world.
Important points about the cart
When a company of CDK’s size is affected by a ransomware attack, it disrupts the entire market, which is exactly what we are witnessing now. Many dealers in the US use CDK Global’s software and will be paralyzed in business unless they find another alternative. To minimize the losses suffered by dealers, the company needs to strengthen its security systems and act quickly against cybercriminals.
Click here to get the FOX News app
What role should governments and regulators play in helping businesses affected by ransomware attacks? Cyberguy.com/Contact Us.
If you want to hear more of my tech tips and security alerts, subscribe to the free CyberGuy Report newsletter at the link below. Cyberguy.com/Newsletter.
Have a question for Kurt or tell us the story you’d like to see featured?.
Follow Kurt on his social channels:
Answers to the CyberGuy’s most frequently asked questions:
Copyright 2024 CyberGuy.com. All Rights Reserved.
