CDK Global, an established provider of dealership management software, was the victim of a ransomware in June 2024. The attack had far-reaching effects for the automotive industry. According to estimates from Anderson Economic Group in East Lansing Michigan, the incident caused significant financial losses and disrupted dealership operations.
CDK Cyber Attack against car dealerships have been on the rise. In recent years, there has been a noticeable increase in reported incidents. A 2023 report from CDK found that 17% of surveyed dealerships had experienced cyber incidents. This is up from 15% in the previous year.
In the same way, from July 2023 to June 2024 there were 4,582 known ransomware attack. This marks an increase of 33% on a year-on-year basis in comparison with the previous period. This unprecedented surge of attacks surpassed the previous record set by 3,434 attacks between July 2022 and June 2023.
Cybercriminals have increased their numbers, but also improved in terms of tactics. They now access encryption within hours, rather than weeks.
This article will explore the details of the attack, highlighting the need for robust security strategies within the digital landscape and cdk cyber attack
Understanding the CDK Cyber Attack
What Was the CDK Cyber Attack?
June 18, 2024:
- was able to stop the cyberattack by shutting down CDK Global’s systems.
- The outage affected over 150,000 car dealers in North America, causing significant disruption to their daily operations. Many dealerships rely on manual processes that impact customer service and efficiency.
- Some systems were restored in the afternoon, but another attack caused a shutdown.
June 21, 2024:
- A hacking group, claiming to have been based in Eastern Europe, demanded for a ransom of.
- The group has been identified as BlackSuit. This cybercriminal organization is linked to past attacks that involved encrypting, exfiltrating and hosting public data leaked sites for noncompliant victims
- Bloomberg News reported CDK was planning to pay the ransom.
June 22, 2024:
- CDK began a multi-day restoration process.
June 24, 2024:
- CDK informs its clients that the shutdown is expected to continue at least until the end of June.
- A group of small dealerships has been successfully brought online for testing.
June 28, 2024:
- CDK continues to bring back dealerships in phases. Two small groups and one large-group have been restored.
July 1, 2020:
- CDK plans to restore service to all dealerships before July 4th.
July 4, 2020:
- CDK is expected to be available for all dealers.
CDK’s Communication Strategy
CDK communicated timely and transparent updates with its customers and other stakeholders. The company regularly updated its customers and stakeholders on the state of its systems, including the steps being taken to restore service.
This was essential in managing the customer’s expectations and maintaining their trust during the crisis. By keeping communication private, the company hoped to avoid the crisis escalating.
The damage was too serious to be fixed by communication alone.
Impact on Dealerships and Customers:
The attack was a major blow to both dealers and customers.
Dealerships suffered severe disruptions to their sales and finance operations, as well as customer services. The attack caused system failures and performance degradation. This affected critical functions like inventory tracking, service scheduling, and sales processing.
Sonic Automotive reported that car sales declined during a week-long outage after a cyberattack against its software service provider, CDK Global. The incident “is reasonably likely to have an impact on material” financial performance.
has filed multiple lawsuits against CDK Global for this situation. The suits criticize the company’s rapid system restorations that led to numerous breaches. These breaches were mostly caused by employees or customers who used the services at the affected dealerships.
Customers felt the impact of delays in purchasing cars, difficulties obtaining financing, and getting timely service. This disruption led to delays in services and missed sales opportunities. It also caused frustration from customers.
The data breach raised concerns in the long term about privacy and data security. It could expose sensitive customer data, leading to fraud and identity theft.
Industry experts urge robust plans for enhanced cybersecurity contingencies to minimize future disruptions.
Technical Breakdown: How Did the Attack Occur?
Technical details of the vulnerabilities have not been made public, but it’s clear that hackers exploited the weaknesses to gain control over the system and encrypt vital data.
Initial Access
BlackSuit is suspected to have used a combination phishing as well as exploiting software vulnerabilities.
CDK employees were targeted by phishing campaigns that tricked them into disclosing credentials or downloading malware. This is the most effective and common method of compromising network security.
The CDK Global platform is accessible to car dealers via a VPN that’s always on.
Lateral movement: Once the attackers were inside the network they moved laterally. They used techniques such as credential dump (stealing passwords from RAM) and exploited poor permissions to gain access to additional systems and sensitive information.
Privilege Scaling: By gaining higher-level privileges, attackers could potentially take control of critical systems by exploiting software vulnerabilities, or leveraging adminstrative privileges.
Deployment of Payload: The last stage involved the deployment of ransomware. The files were encoded, which affected all dealership services that rely on CDK. The attackers then demanded ransom to get the decryption key.
Preventing Future Attacks:
Dealerships need to be proactive in strengthening their defenses, as cyber-attacks are becoming more sophisticated. This will help them protect sensitive customer data and maintain trust.
Cybersecurity Framework: Building a Strong Cybersecurity Framework
It involves the establishment of policies and procedures, which are reviewed and updated regularly to address new threats. A comprehensive framework is not only useful in preventing cyber attacks, but also in ensuring a rapid recovery after a breach.
Safety measures that are essential
These are the tools used to enforce the cybersecurity framework. firewalls and data encryption are important tools that can reduce the risk of data theft and unauthorized access. These safeguards are the first line against cyber threats.
Employee Training
Training is essential because human errors can lead to security breaches. Regular cybersecurity training can empower employees with the knowledge to identify and avoid threats. Phishing Awareness and Secure password management are also skills that every employee should have.
An Incident Response Plan
A plan is needed by companies to outline the steps they will take to minimize downtime and damage. A well-practiced and clear response plan could mean the difference between a minor loss and a catastrophic one.
Cybercriminals are attracted to the automotive industry because of its large network of dealerships and customer databases. Implementing these measures will allow dealerships to create a safe environment for their operations, and ensure the integrity of customer data.
Other Ransomware Cases
Nvidia Lapsus$
In 2022, Nvidia – a major gaming chipmaker – was the victim of a ransomware hack in which the hackers, also known as Lapsus$ ransomware, stole sensitive information, including Nvidia’s source code and GPU details.
The stolen source code includes the Hash Rate Limiter (LHR), which reduces Nvidia’s chip efficiency for cryptocurrency mining.
Lapsus$ issued an unusual ultimatum. Nvidia had to allow its graphics cards to min cryptocurrencies faster by removing LHR or else their crown jewel source code would be released. The attackers demanded to make Nvidia GPU drivers open source.
Nvidia responded by… hacking Lapsus$ computers. They tried to install ransomware, but they were unable to recover their data because of backups.
Nvidia finally settled with Lapsus$ to keep its data private. it paid a cryptocurrency ransom, and it agreed to release GPU drivers under an open-source license.
WannaCry
In 2017, the WannaCry ransomware attack was a well-known attack with a major impact. It affected more than 200,000 organizations in over 150 countries including hospitals, banks, and government agencies.
The ransomware is delivered as a Dropper that contains components for encryption and decryption. It also includes communication components. It encrypts various files (e.g. Microsoft Office files, MP3s), and displays a notice demanding a ransom.
A North Korean hacker group called the Lazarus Group spread it via a vulnerability in Microsoft Windows implementation for the Server Message Block protocol (SMB). Within four days, over 350,000 devices were affected.
Businesses have suffered significant losses with hundreds of records being compromised. Hospitals had to cancel surgeries because of the loss of patient files. ambulances were reported to have been rerouted due to the attack affecting GPS information. This could potentially put lives at risk.
Adrien Guinet was a French researcher who found a way of retrieving the RSA keys from the malware files. This stopped the attacks in their tracks. The combination of this and Windows’s patches stopped WannaCry a few weeks after its outbreak.
These incidents illustrate the complexity of ransomware and the tradeoffs that companies must make when dealing with cybercriminals.
The conclusion of the Cdk cyber attack:
The cdk cyber attack update as a constant reminder of the cyber threat landscape. Dealerships can improve their defenses by understanding the attack and its impact. They can also take preventive measures to make them more resilient. Act now to create a strong cybersecurity strategy that will protect your business against future attacks. A proactive approach to ensuring your dealership’s security and the data of your customers is essential.
For More Information visit Our Homepage:
