Cybercriminals paralyzed car dealership software provider CDK Global with back-to-back ransomware attacks. As a result, car dealerships have reverted to pen and paper for many functions they normally handle by computer.

The first attack, which affected thousands of car dealerships across the U.S., caused CDK to take its two data centers offline. While the company was recovering, the hackers struck again.

The second attack occurred on June 19, again forcing CDK to shut down its systems.


A BMW car dealership (Kurt "CyberGuy" Knutsson)

What you need to know about the CDK cyberattack

The cyberattacks on CDK Global didn't only impact the company but also its thousands of customers and regular folks who were planning to buy new automobiles.

CDK Global is a SaaS provider to clients in the auto industry. It provides car dealerships with software to handle operations like financing, inventory, back office, payroll and more. CDK’s services are used by over 15,000 car dealerships across North America. The company also employs thousands of people.


Timeline of the attacks

Cybercriminals targeted CDK twice. The first attack occurred this month, and while CDK Global didn’t reveal details, Bleeping Computer reported it was related to the company’s always-on VPN.

Car dealerships use a special kind of VPN connection that's always on to connect to CDK's data centers. This lets the dealership software installed on their computers access CDK's platform. Because the CDK software has permission to update itself automatically, with what amounts to admin privileges, a compromise on CDK's side could reach dealership computers over that connection. That explains why CDK recommended that dealerships disconnect from its data centers during the security incident.

CDK reported restoring some services on June 20 and told CyberGuy that its systems were again offline due to another cyberattack.

"Late in the evening of June 19, we experienced an additional cyberincident and proactively shut down most of our systems. In partnership with third-party experts, we are assessing the impact and providing regular updates to our customers," said Lisa Finney, senior external communications manager at CDK Global.

"We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible," Finney added.

CDK Global announced on June 24 that the breach was, in fact, a ransomware attack, meaning the company’s systems won’t be back online until it pays the hackers a ransom. CDK’s software remains down as of this writing, and Reuters reported that it won’t be back online until the end of June. 

Bloomberg reported that a hacking group called BlackSuit is behind the cyberattack on CDK Global, demanding an extortion fee of tens of millions of dollars.


BMW sales car lot (Kurt "CyberGuy" Knutsson)


How are dealerships responding?

Car dealerships across the U.S. are feeling the pinch from the CDK cyberattack. But some dealerships are showing their resourcefulness. Employees are taking to social media, like Reddit, to share how they're keeping things going with spreadsheets and sticky notes. This allows them to handle smaller sales and repairs, but for now, bigger transactions are on hold.

Big names like Honda, Toyota and Hyundai are closely monitoring the situation to see how badly the outage is hurting dealerships. Honda even went further, telling affected dealerships to use alternative tools and processes to keep business running smoothly while CDK gets its systems back online.


How does the CDK cyberattack impact you?

Car dealerships rely on CDK's software to manage various aspects of their operations, including financing and inventory management. When these systems are down, it can delay the process of purchasing a car, affecting those who are in the market for a new vehicle.

If you’re seeking services from dealerships, such as maintenance or repairs, you may experience delays or disruptions because the dealership's management systems are offline. CDK's software also helps dealerships manage financing and leasing agreements. The cyberattack has disrupted these processes, leading to delays in securing loans or leases for customers.


Toyota dealership (Kurt "CyberGuy" Knutsson)

Cybersecurity lessons you can learn from the CDK Global attack

The CDK Global cyberattack serves as a stark reminder of the vulnerabilities inherent in our digital world and the far-reaching consequences of such breaches. This incident underscores several key security considerations you should take into account:

1. Ransomware awareness and prevention

The revelation that the attack involved ransomware highlights the ongoing threat posed by this type of malware. It's a reminder that you need to be vigilant about the security of your personal devices. Here are some steps you can take:

Regular backups: Ensure that you regularly back up important data to an external hard drive or a secure cloud service. This can help you recover your data without paying a ransom if your device is compromised.

Update software: Keep your operating system, antivirus software and all applications up to date to protect against known vulnerabilities.

Email caution: Be wary of unsolicited emails, especially those with attachments or links. Phishing emails are a common method for delivering ransomware. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you to phishing emails or ransomware scams.

2. Strong authentication and access controls

While the CDK attack involved always-on VPN connections, the principle of strong authentication applies to you as well. Protect your accounts with:

Two-factor authentication (2FA): Enable 2FA on all accounts that offer it. This adds an extra layer of security beyond just a password.

Unique passwords: Use unique, complex passwords for different accounts. Consider using a password manager to keep track of them.

3. Incident response and personal data protection

The prolonged outage and its impact on dealership operations underscore the need for you to have your own incident response plan:

Know your recovery steps: Familiarize yourself with the steps to take if your device is compromised, such as disconnecting from the internet, running antivirus scans and restoring from backups.

Protect personal information: Be cautious about sharing personal information online. Use privacy settings on social media and be mindful of the data you share with various services.

4. Regular security audits

Just as businesses need to assess their security regularly, you should also:

Review account activity: Regularly check your bank and credit card statements for any unauthorized transactions.

Security settings: Periodically review and update the security settings on your devices and online accounts.

By taking these proactive steps, you can significantly reduce your risk of falling victim to cyberattacks. The CDK Global incident serves as a powerful reminder that cybersecurity is not just a concern for businesses but for you and everyone in our increasingly digital world.

Kurt’s key takeaways

When a company of CDK’s scale is affected by a ransomware attack, it disrupts the whole market, which is something we are witnessing right now. Many dealerships in the U.S. use CDK Global’s software, meaning their business is paralyzed unless they can find an alternative. The company should work on tightening its security systems and hurry to deal with cybercriminals to minimize the losses suffered by dealerships.

What role should government and regulatory bodies play in supporting businesses affected by ransomware attacks? Let us know by writing us at Cyberguy.com/Contact.


Copyright 2024 CyberGuy.com. All rights reserved.