Ransomware attack paralyzes thousands of car dealerships nationwide until July

Cybercriminals crippled car sales software provider CDK Global with back-to-back ransomware attacks. As a result, car salespeople are turning to paper and pens to perform many of their computerized functions.

The first attack caused CDK to take two of its data centers offline, and just as it was recovering from the attack that affected thousands of car dealerships across the US, the hackers struck again.

The second attack occurred on June 19, again forcing CDK to shut down its systems.

A BMW car dealership (Kurt “CyberGuy” Knutsson)

What you need to know about the CDK cyber attack

The cyber attacks on CDK Global not only affected the company, but also thousands of its customers and regular people who were planning to buy new cars.

CDK Global is a SaaS provider for customers in the automotive industry. It provides car dealerships with software to handle operations such as financing, inventory, back office, payroll and more. CDK’s services are used by over 15,000 car dealers across North America. The company also employs thousands of people.

Timeline of attacks

Cybercriminals targeted CDK twice. The first attack occurred this month, and while CDK Global did not disclose details, BleepingComputer reported that it was connected to the company's always-on VPN.

Car dealerships use a special type of VPN connection that is always on to connect to CDK's data centers. This allows the vendor software installed on their computers to access the CDK platform. Since the CDK software has permission to update automatically (with administrator privileges), it makes sense that CDK recommended disconnecting from its data centers during the security incident.

CDK reported the restoration of some services on June 20 and told CyberGuy that its systems were once again offline due to another cyber attack.

“On the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems. In partnership with third-party experts, we are assessing the impact and providing regular updates to our customers,” said Lisa Finney, senior external communications manager at CDK Global.

“We remain vigilant in our efforts to restore our services and return our merchants to business as usual as soon as possible,” Finney added.

CDK Global announced on June 24 that the breach was, in fact, a ransomware attack, meaning the company's systems will not be brought back online until it pays the hackers a ransom. The CDK software remains disabled as of this writing, and Reuters reported that it will not be back online until the end of June.

Bloomberg reported that a hacker group called BlackSuit is behind the cyberattack on CDK Global, demanding an extortion fee of tens of millions of dollars.

BMW car sales (Kurt “CyberGuy” Knutsson)

How are sellers reacting?

Auto dealers across the US are feeling the pinch from the CDK cyber attack. But some vendors are showing their versatility. Employees are using social media, like Reddit, to show how they’re doing with spreadsheets and sticky notes. This allows them to handle smaller sales and repairs, but for now, bigger transactions are on hold.

Big names like Honda, Toyota and Hyundai are closely monitoring the situation to see how badly the sales disruption is hurting. Honda even went further, telling affected dealers to use alternative tools and processes to keep business running smoothly while CDK brings its systems back online.

How does the CDK cyber attack affect you?

Car dealerships rely on CDK software to manage various aspects of their operations, including financing and inventory management. When these systems fail, it can delay the car buying process, affecting those in the market for a new vehicle.

If you are requesting vendor services, such as maintenance or repairs, you may experience delays or interruptions because vendor management systems are offline. CDK's software also helps sellers manage financing and leasing arrangements. The cyber attack has disrupted these processes, leading to delays in securing loans or leases for customers.

Toyota dealership (Kurt “CyberGuy” Knutsson)

Cybersecurity lessons you can learn from the global CDK attack

The CDK Global cyberattack serves as a stark reminder of the vulnerabilities inherent in our digital world and the far-reaching consequences of such breaches. This incident highlights some key security considerations to keep in mind:

1. Ransomware awareness and prevention

The discovery that the attack involved ransomware highlights the ongoing threat posed by this type of malware. It’s a reminder to be vigilant about the security of your personal devices. Here are some steps you can take:

Regular backups: Make sure to regularly back up important data to an external hard drive or a secure cloud service. This can help you recover your data without paying a ransom if your device is compromised.

Update the software: Keep your operating system, antivirus software and all applications updated to protect against known vulnerabilities.

Email caution: Be careful with unsolicited emails, especially those with attachments or links. Phishing emails are a common method for delivering ransomware. The best way to protect yourself from clicking on malicious links that install malware that can access your private information is to install antivirus protection on all your devices. This can also alert you to any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Strong authentication and access controls

While the CDK attack involved always-on VPN connections, the principle of strong authentication applies to you as well. Protect your accounts with:

Two-factor authentication (2FA): Enable 2FA on all accounts that offer it. This adds an extra layer of security beyond just a password.

Unique passwords: Use unique, complex passwords for different accounts. Consider using a password manager to keep track of them.

3. Incident response and personal data protection

The extended outage and its impact on retailer operations underscore the need for you to have your own incident response plan:

Learn the recovery steps: Learn about the steps you should take if your device is compromised, such as disconnecting from the internet, running antivirus scans and restoring from backups.

Protect personal information: Be careful about sharing personal information online. Use your social media privacy settings and be mindful of the data you share with different services.

4. Regular security checks

Just as businesses should regularly assess their security, you should also:

Review account activity: Regularly check your bank and credit card statements for any unauthorized transactions.

Security settings: Periodically review and update the security settings on your devices and online accounts.

By taking these proactive steps, you can significantly reduce your risk of becoming a victim of cyber attacks. The CDK Global incident serves as a powerful reminder that cyber security is not just a concern for businesses, but for you and everyone in our increasingly digital world.

Kurt's key takeaways

When a company of CDK’s scale is hit by a ransomware attack, it disrupts the entire market, which is what we’re seeing right now. Many sellers in the US use CDK Global’s software, which means their business is crippled unless they can find another alternative. The company should work to strengthen its security systems and rush to deal with cybercriminals to minimize the losses suffered by merchants.

What role should government and regulatory bodies play in supporting businesses affected by ransomware attacks? Let us know by writing to us at Cyberguy.com/Contact.

Copyright 2024 CyberGuy.com. All rights reserved.
