CDK Global cyberattack cripples 15,000 US auto dealerships
CDK Global, a software-as-a-service (SaaS) provider for car dealers and auto equipment manufacturers, has suffered a cyberattack that has temporarily disrupted its customers’ operations.
About CDK and its platform
CDK’s platform is used by 15,000+ car dealerships across North America to manage their sales, customer relationships, financing, inventory, customer support, and other aspects of their day-to-day operations.
The customers use locally installed apps to access the CDK platform, and round-the-clock access to the platform and CDK data centers is made possible via a cloud-based SD-WAN and a VPN solution.
CDK notifies customers of cyberattack (twice)
The first attack apparently started on the night of June 18th (Tuesday).
While CDK has yet to release an official statement on its website and social media accounts, its customers have been contacted and provided with preliminary information and instructions on what to do.
According to the customer communiqués that have been shared on Reddit, the company is still describing it as a cyber incident.
CDK reacted by shutting down its systems as a matter of precaution, advised customers to shut down access to their dealer management system (DMS), and called in third-party cybersecurity experts to help with the investigation and remediation.
“With the work done, we are confident the CDK Phones, DMS and Digital Retail have been restored. Both Unify and DMS direct login access are available. We are continuing to conduct extensive tests on all other applications, and we will be providing updates as we bring those applications back online,” the company explained.
They later followed up with an update saying that they experienced an additional cyber incident late in the evening on June 19th, and have again shut down most of their systems.
“We are currently assessing the overall impact and consulting with external 3rd party experts. At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available at a minimum on Thursday, June 20th,” they said.
“As of now, our Customer Care channels for support remain unavailable as a precautionary measure to maintain security. It is a high priority to reinstate these services as soon as possible.”
Whether this was an attack involving the use of ransomware still remains to be seen, but the shutting down of systems and access might be measures to block it from spreading.
source: HelpNetSecurity