Jump to content
  • CDK Global cyberattack impacts thousands of US car dealerships


    Karlston

    • 424 views
    • 4 minutes
     Share


    • 424 views
    • 4 minutes

    Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally.

     

    CDK Global provides clients in the auto industry a SaaS platform that handles all aspects of a car dealership's operation, including CRM, financing, payroll, support and service, inventory, and back office operations.

     

    The company is used by over 15,000 car dealerships in North America and has thousands of employees throughout the country.

     

    To use CDK's services, car dealerships configure an always-on VPN to the SaaS provider's data centers, allowing their locally installed applications to access the platform.

     

    Last night and into this morning, CDK Global suffered a cyberattack that caused it to shut down its IT systems, phones, and applications to prevent the attack's spread.

     

    Brad Holton, CEO of Proton Dealership IT, a cybersecurity and IT services firm for car dealerships, told BleepingComputer that the attack caused CDK to take its two data centers offline at approximately 2 AM last night.

     

    Employees at multiple car dealerships have also told BleepingComputer that CDK has not shared much information other than to send an email warning that they suffered a cyber incident.

     

    "We are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems," reads an email shared with BleepingComputer.

     

    "We are currently assessing the overall impact and currently have no ETA."

     

    Some of these employees have also shared concerns that threat actors could use the always-on VPN to pivot into the internal network of car dealerships.

     

    An IT professional for one dealership told BleepingComputer CDK advised them to disconnect the always-on VPN out of caution.

     

    Holton explained that CDK software running on devices has administrative privileges used to deploy updates, which could explain why CDK recommends disconnecting from the data centers.

     

    While some users have stated that they can log in with old credentials that were upgraded during CDK's transition to a modern single-sign-on platform, BleepingComputer has been told that the application does not work as expected.

    If you have any information regarding this incident or any other undisclosed attacks, you can contact us confidentially via Signal at 646-961-3731 or at [email protected].

    Widespread disruption

    The outage has led to widespread disruption among car dealerships using their platform to track and order car parts, conduct new sales, and offer financing.

     

    Employees have reported on Reddit that they were left with nothing to do or were forced to go back to paper and pencil. Some dealerships are sending employees home for the day due to the outages.

     

    "We are almost to that point… no parts, no ROs, no times… just dead vehicles with nothing to show for them or parts to fix them," a dealership employee posted to Reddit.

     

    "Excel spreadsheets and post it notes for any parts we're handing out. Any big jobs are not happening," another employee commented.

     

    While there has been no official statement from CDK, it is rumored that the company suffered a ransomware attack that also impacted its backups.

     

    BleepingComputer has been unable to confirm this information independently, but if it was a ransomware attack, the outages will likely last for days, if not into next week and longer.

     

    When ransomware gangs breach corporate networks, they quietly spread to other devices while stealing corporate data.

     

    Once all data has been stolen and the threat actors gain administrative privileges, they encrypt all of the devices on the network, leaving behind ransom notes with instructions on contacting the hackers.

     

    The encrypted devices and stolen data are used in double-extortion schemes, where the threat actors demand a ransom payment to provide a decryptor and to delete and not publish any stolen data.

     

    These negotiations can take weeks, and if a ransom is not paid, the threat actors ultimately leak the corporate data, which usually includes the personal information of employees and, potentially, customers.

     

    Update 6/19/24: CDK shared the following statement with BleepingComputer:

     

    "We are actively investigating a cyber incident. Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible." - CDK.

    Source

     

    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every single day for many years.

    2023: Over 5,800 news posts | 2024 (till end of May): Nearly 2,400 news posts


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...