Heimdal

Massive hack forces CDK Global, a provider of software-as-a-service for car dealerships, to shut down its servers, leaving customers unable to run their businesses as usual.

A SaaS platform from CDK Global serves clients in the auto sector, managing all facets of vehicle dealership operations, such as inventory management, CRM, financing, payroll, support, and servicing.

Over 15,000 car dealerships in North America use CDK Global’s software. Car dealerships set up an always-on VPN to the SaaS provider’s data centers in order to use CDK’s services, which grants their locally installed apps access to the platform.

Details About the Attacks: What Happened?

CDK Global suffered a cyberattack causing them to shut down their IT systems, phones, and applications to prevent the attack’s spread.

According to BleepingComputer, multiple car dealerships received an email from CDK warning that the company had suffered a cyberattack.

We are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems… We are currently assessing the overall impact and currently have no ETA.

CDK Global Email to Its Customers (Source)

Some of the car dealerships’ employees shared concerns that the threat actors could use the always-on VPN to pivot into the internal networks of car dealerships. Brad Holton, CEO of Proton Dealership IT, clarified that CDK may be advising dealerships to disconnect from its data centres because the software it runs on devices has administrative privileges, which are used to distribute updates.

Car dealerships that use their platform to track and order auto components, perform new sales, and provide financing have experienced significant disruptions as a result of the outage.

Employees have complained on Reddit that they were forced to return to using paper and pencil or that they were given nothing to do. Because of the disruptions, some dealerships are sending their staff members home for the day.

Although CDK has not released an official comment, there are rumours that the company was attacked by ransomware, which also affected its backups.

The Second Attack

On June 19, CDK was affected by another breach while restoring its services following the first breach. At the time of the attack, the company had managed to bring back its Unifi modern login service, but others were still being restored.

We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th… Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external 3rd party experts.

CDK Breach Email Notification (Source)

Some of the biggest car dealers in the world are being impacted by the outages. Penske Automotive Group claims that Premier Truck Group, their commercial truck dealership, has been disrupted.

In their latest status update, the company says that they’re not able to provide an estimate as to when systems will be restored. The outage will likely continue for several more days. Customers are starting to voice their thoughts too as they’re not able to sell or purchase a car.


Author Profile

Cristian Neagu

CONTENT EDITOR


Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
