Cyberattack on CDK Global Affects Thousands of U.S. Car Dealerships

A recent cyberattack on CDK Global has severely disrupted car dealerships across the United States, bringing thousands of them to a standstill. Here is a detailed account of what transpired and the implications for the affected businesses.

The Scope of the Attack

CDK Global, a major software-as-a-service (SaaS) provider for the automotive industry, serves over 15,000 car dealerships in North America. The company offers a comprehensive platform that handles various aspects of dealership operations, including customer relationship management (CRM), financing, payroll support, service inventory, and back-office operations. To access CDK’s services, dealerships use an always-on VPN to connect to the company’s data centers, enabling their locally installed applications to interface with the SaaS platform seamlessly.

Incident Details

The attack on CDK Global occurred late at night and continued into the early morning hours, prompting the company to shut down its IT systems, phones, and applications to contain the damage. Brad Holton, CEO of Proton Dealership IT, a cybersecurity firm for car dealerships, revealed that CDK took its data centers offline around 2 AM to prevent the attack's spread. The shutdown led to widespread disruption among the dealerships that use CDK's platform to manage their operations.

Immediate Impact on Dealerships

Dealership employees reported that CDK sent an email acknowledging the cyber incident and advising caution. The company recommended disconnecting the always-on VPN to avoid further compromise. With CDK's systems offline, dealerships could no longer track and order car parts, conduct sales, or offer financing. Some resorted to manual processes, such as paper and pencil or Excel spreadsheets, to manage their operations, and some sent employees home because no functional systems were available.

Potential Causes and Consequences

While CDK has not officially confirmed the nature of the attack, there are strong indications that it was a ransomware attack. If true, this could mean that the attackers encrypted the company’s data and possibly stole sensitive information, demanding a ransom for decryption and non-disclosure. Such attacks often involve double extortion, where threat actors not only encrypt data but also threaten to leak it if the ransom is not paid. This method can prolong the recovery process and increase the overall impact on the affected organization.

Ongoing Concerns

The automotive outlet Ford Authority reported that several CDK products, including Service, Fortellis Integration Portal, and Modern Retail CRM, were affected by the outage. This highlights the extensive reach of the attack and the significant operational challenges faced by dealerships relying on these systems. Cybersecurity experts warned that resolving such incidents could take days or even weeks, depending on the severity and the extent of the breach.


The cyberattack on CDK Global underscores the critical importance of robust cybersecurity measures for companies providing essential services. For car dealerships, the disruption caused by this incident highlights the vulnerabilities in their reliance on centralized SaaS platforms. Moving forward, businesses must prioritize cybersecurity to protect their operations from similar threats, ensuring they have contingency plans to mitigate the impact of such incidents.

In summary, the CDK Global cyberattack has brought to light significant cybersecurity concerns in the automotive industry, emphasizing the need for enhanced protective measures and preparedness for potential cyber threats.