Cybersafetyconnections June 24, 2024, vol# 174 

From konbriefing: Car dealership software-as-a-service provider CDK Global has experienced a significant cyberattack that impacted thousands of US car dealerships. 

  • This cyberattack may have happened due to the always-on VPN. 
  • CDK is used by over 15,000 car dealerships in the US. 
  • No cybercriminal group has claimed responsibility for the attack. 
  • CDK took steps to mitigate loss from the cyberattack. 

What happened? 

According to BleepingComputer.com, car dealership software-as-a-service provider CDK Global has experienced a significant cyberattack. The company deactivated its IT systems, phones, and applications to contain the threat, which shut down its systems and disrupted the normal operations of its clients. 

Brad Holton, CEO of Proton Dealership IT, a firm specializing in cybersecurity and IT services for car dealerships, disclosed that the attack compelled CDK to take its two data centers offline at approximately 2 AM. 

Why did this cyber-attack happen? 

In order to utilize CDK’s services, car dealerships establish an always-on VPN connection to the SaaS provider’s data centers, enabling access to the platform through locally installed applications. 

Some employees have expressed concerns that threat actors might exploit the always-on VPN to infiltrate the internal networks of car dealerships. 

Who was impacted? 

CDK Global offers a comprehensive SaaS platform to the automotive industry, encompassing critical functions such as CRM, financing, payroll, support and service, inventory management, and back-office operations.  

The company serves over 15,000 car dealerships in North America and maintains a substantial workforce across the country. As a result, CDK, the car dealerships, and their employees and customers were impacted. 

Which cybercriminal group was responsible? 

No cybercriminal group has claimed responsibility for the attack. 

Here is how CDK mitigated loss from the cyberattack 

OWASP Threat and Safeguard Matrix 

Brad Holton, CEO of Proton Dealership IT, a firm specializing in cybersecurity and IT services for car dealerships, disclosed that: 

  • The attack compelled CDK to take its two data centers offline at approximately 2 AM.  
  • Reports from employees at various car dealerships suggested that CDK has communicated limited details, primarily issuing an email alert regarding the cyber incident. 
  • An IT professional from a dealership reported that CDK advised them to disconnect the always-on VPN as a precautionary measure. 
  • Holton elaborated on the administrative privileges that CDK software holds on devices, as it is used for deploying updates. This explanation could justify CDK’s recommendation to disconnect from the data centers. 
  •  Notably, while some users mentioned successful logins with previous credentials that were updated during CDK’s transition to a modern single-sign-on platform, there are reports indicating that the application functionality is not as expected. 

As always, we asked Copilot for help. And here you go: 

To mitigate the losses from the recent cyberattack, CDK Global can take several steps: 

  1. Immediate Response and Containment
  2. Communication
  3. Data Recovery and Backup
  4. Strengthening Security Measures
  5. Employee Training
  6. Legal and Financial Measures

Conclusion 

By taking these steps, CDK Global can not only mitigate the immediate impact of the cyberattack but also strengthen its defenses against future incidents. 
