This attack had all the hallmarks of a ransomware attack and targeted the CDK Global systems that auto dealerships use to manage sales, finance and service operations.
Due to outdated technology, ineffective security protocols, and single points of failure at the company, hackers were able to gain entry via an always-on VPN and then move laterally across its network, exploiting vulnerabilities to gain higher-level permissions.
CDK Cyber Attack Update
CDK Global was recently targeted in a cyber attack that temporarily disabled 15,000 car dealerships across the U.S. These dealerships rely heavily on CDK’s software for business operations and during this disruption were unable to use its services; many of them suffered substantial financial losses as a result. Furthermore, this incident highlighted the need for robust cybersecurity protocols and an effective incident response plan.
The company has taken a phased approach to restoring dealership systems. According to its statement, it hopes to bring back most applications and services by July 4; however, not all dealerships may be active by then.
CDK Global was initially affected by a cyberattack which disrupted dealership computer systems nationwide. CDK is working hard to restore its systems while offering alternative methods for conducting business; however, the damage done to dealerships may take time to repair.
CDK Global did not know what caused the initial cyberattack; however, according to CBS MoneyWatch sources, it may have been due to phishing attacks that exploited multiple vulnerabilities and flaws. CDK Global is working with third-party cybersecurity specialists to assess the damage sustained in this incident.
CDK Global was recently the victim of a cyberattack that underscores the significance of modernizing cybersecurity measures and adopting a secure password policy. Employee training on identifying phishing attempts and other social engineering tactics may reduce the chances of initial compromise, and staying current on patching security vulnerabilities, as well as conducting an in-depth forensic analysis of all attacks, is equally essential.
Is CDK Still Down
CDK Global was subjected to an unprecedented cyberattack that brought thousands of the car dealerships it serves to an abrupt halt, underscoring the importance of robust cybersecurity protocols and cautioning against relying solely on outdated legacy systems. Attributed to the BlackSuit hacking group, this attack cost dealerships at least $1 billion collectively.
Dealers have also incurred additional financial costs due to manual processes, which reduce efficiency and customer service. Some even had to hire additional staff during the shutdown, and some are struggling to attract new customers at a time when so many are looking for cars.
One key step to prevent this type of attack is the creation and execution of an incident response plan that includes training on various threats and how best to deal with them, while also helping establish communication channels among stakeholders and customers during times of crisis.
CDK Global has made strides toward getting its systems back online despite an ongoing disruption. It has been live-testing two small test groups on its core DMS (accounting, parts, service, sales, F&I and user management) since April and is expecting more users online by June 30. In the meantime, dealers should protect their data by updating Tekion while waiting for CDK’s return.
When will CDK be Back up
After being hit with a cyberattack, thousands of car dealerships across the nation have been operating without critical software services for more than two weeks due to an Eastern European hacker group’s demands of millions in ransom payments.
CDK Global, the developer of car dealership software, had been making efforts to restore its systems when it was hit with another cyberattack on Thursday morning, causing it to shut down its Dealer Management System once more.
Due to the complexity of its systems and how much of a security risk they pose for dealerships, restoration will take several days before all dealerships can access them. This is because there are multiple components which could be compromised, as well as third-party apps which pull and push data through them.
CDK told USA TODAY that it expects all systems to be restored by July 4, with recovery efforts including isolating the attack, restoring compromised systems from backups, patching security flaws, and monitoring for threats. Training programs on phishing attempts for employees are important to reduce initial compromise risks and act as a strong line of defense in case of cybersecurity incidents.
CDK Cyber Attack Ransom
The cyberattack on CDK Global that affected thousands of car dealerships will likely cost them millions. It serves as a reminder that investing in modern cybersecurity technology such as multi-factor authentication, which is essential for automotive businesses that rely on cloud platforms, and maintaining communication with customers during times of crisis are imperative. CDK Global has done an admirable job of the latter by keeping in touch with its clients while offering alternative ways of conducting business.
Although details regarding this attack remain hazy, it appears to be a ransomware attack. Ransomware is malicious software that encrypts files and cripples systems in order to demand payment. It is most often deployed into target environments via some form of phishing, where administrative credentials are obtained through social engineering techniques; it could also stem from an unpatched vulnerability or weakness in the software stack.
Media reports indicate that hackers behind the CDK Global attack are demanding tens of millions of bitcoin. It is thought these attackers belong to BlackSuit, which is an infamous ransomware group.
How hackers were able to gain access to such an immense volume of data is unclear; however, customer and financial information may have been stolen and exfiltrated during this breach, posing risks such as identity theft and financial fraud to customers.
What to do after a Ransomware Attack?