Why the CDK Cyberattack Happened and Who Is Responsible

A hack at software vendor CDK Global has disrupted car dealerships across the US.

The business shut down most of its systems Wednesday “out of an abundance of caution” for clients, according to spokeswoman Lisa Phinney. In a statement to clients, CDK said that while some systems were back online that afternoon, the business had to take them offline again later that evening due to another cyberattack.

CDK began the recovery process on Saturday and expects it to take “several days” to finish, according to Phinney.

The system outage has forced dealerships to rely on manual, handwritten forms to continue operations. Phinney did not respond to a question about the number of dealerships affected, but the company works with more than 15,000 retail locations across North America, according to CDK’s website.

Meanwhile, a group posing as hackers and based in Eastern Europe is demanding tens of millions of euros in ransom, an insider told Bloomberg News on Friday afternoon. CDK plans to pay the ransom, the insider said, according to Bloomberg News.

What Does CDK Global do?

CDK is one of the leading providers of cloud-based software to auto dealerships in the US. Its software facilitates the management of buying, selling, financing, insurance, maintenance and repair of cars. A “three-tier cyber security strategy to prevent, protect and respond to cyberattacks” is what the organization claims to offer.

How are Dealers Being Impacted?

Northtown Automotive Companies, according to one of its owners, Craig Schreiber, has backup plans that have made it possible for his dealership near Buffalo, New York, to continue selling and servicing automobiles.

“Our previous planning, which involved using handwritten, manual forms in every department, allowed us to go ‘old school,’” Schreiber wrote in an email. “If it comes, there will inevitably be a backlog of inputs as a result of the disruption, but for now, we are working on it.”

Eric Watson, Kia America’s vice president of sales operations, acknowledged in a statement to retail partners Thursday that “many Kia dealers” that use CDK’s platform are experiencing business disruptions as a result of the shutdown. While waiting for CDK’s systems to come back online, Watson advised dealers to use hand tools.

Why are Car Dealerships Targeted by Cyberattack?

The incident comes after Findlay Automotive Group was hit by a cyberattack last week. According to the Las Vegas Review-Journal, the automobile group, which operates in five states, said the attack hampered its ability to sell and service.

According to CDK’s 2023 analysis, cybercriminals are becoming a major concern for auto dealerships. Of the 175 dealers polled, 17% reported a cyberattack or incident in the past year, up from 15% the previous year. 46 percent of these dealers claimed that a cyberattack had a detrimental impact on their operations or finances.

Because dealerships hold a ton of sensitive client data, they’ve been a desirable target. According to a 2023 article by insurance company Zurich North America, dealerships hold “a wealth of information” for hackers, ranging from credit applications to client financial information.

“In addition, dealership systems are often connected to external interfaces and portals, such as external service providers,” according to the paper. Several dealerships are also said to “lack basic cybersecurity protections.”

Who is Responsible for the CDK CyberAttack?

Recorded Future’s ransomware expert Allan Liska determined that BlackSuit was the hacker collective responsible for the CDK attack, multiple media sources said. Recorded Future did not immediately respond to a request for comment on Friday.

According to Reuters, BlackSuit is a recent cybercrime outfit that split off from RoyalLocker, the first hacker group with ties to Russia. According to security company Recorded Future, the gang has compromised at least 95 businesses worldwide.

What is the Impact of the Attack?

Following a series of cyberattacks, CDK Global, a leading Software as a Service (SaaS) provider for auto dealerships, faced significant disruptions in the automotive sales and service sector. These hacks demonstrate the increasing sophistication of cyberattacks and the wide-ranging impact these types of incidents can have on multiple industries.

First cyberattack and immediate shutdown

After discovering a hack on June 18, 2024, CDK Global shut down its data centers, IT infrastructure, and login services. Car dealerships that relied on CDK’s platform for sales, inventory management, and customer service faced severe operational difficulties as a result of this initial hack. Dealerships reported significant disruptions that affected both business and consumer transactions. These dealerships included industry titans like Penske Automotive Group.

Service restoration and the second breach

On June 19, as CDK began restoring services and bringing some systems back online, it was attacked again later that night. As a result, the business had to restart most of its systems. Affected dealerships were forced to use manual procedures, which slowed down their business significantly. Adding to the confusion were customers trying to have vehicles repaired or to purchase them.

Industry responses and expert views

Cyber security professionals have noticed that these attacks are becoming more destructive and sophisticated. These days, hackers infiltrate networks and often move far through them without being noticed before launching crippling strikes. While the move to cloud-based, networked systems is beneficial to a company’s operations, it also introduces risks that hackers can exploit.

Hackers these days are more calculated and patient, often waiting for the perfect opportunity to strike. They can do the most damage using this strategy and demand a huge ransom.

Comparing this sector with others

The auto dealership industry is not alone in facing these challenges. Similar attacks, including the Ascension ransomware attack in May and the Change Healthcare attack in February, have been directed at healthcare systems. These incidents point to a larger pattern in which legacy systems and critical infrastructure sectors are targeted by cybercriminals.

CDK’s Response and Ongoing Challenges

CDK Global is collaborating with outside cyber security experts to assess damage and restore services following the attacks. But there is no indication that the recovery process will be complete soon; it is expected to take several days, if not longer. According to an email that was reportedly written to CDK clients on Tuesday and circulated on social media, the business does not expect to restore service at all affected auto dealerships until June 30. The hackers are demanding tens of millions of dollars in ransom, and the corporation is negotiating with them.

CDK spokeswoman Lisa Phinney emphasized that the company is taking all necessary security measures to protect its clients and prevent further hacks. Despite these efforts, the extended shutdown continues to disrupt dealership operations nationwide.
