CDK Global, a leading software-as-a-service (SaaS) provider for the auto industry, has been hit by a massive cyberattack, leading to a significant disruption in its services. The company, which supports over 15,000 car dealerships in North America, announced the shutdown of its dealer management system (DMS) in response to the attack. The shutdown is expected to last for several days.
Impact of the Cyberattack on CDK Global and Its Clients
On the night of June 19th, CDK Global experienced a severe cyberattack, prompting the company to take its IT systems, phones, and applications offline to prevent the spread of the attack. This decision has left many car dealerships unable to perform essential business functions such as tracking and ordering car parts, conducting sales, and offering financing.
CDK Global's platform is integral to dealership operations, handling customer relationship management (CRM), financing, payroll, support and service, inventory management, and back-office operations. The disruption has forced employees at various dealerships to resort to manual methods, such as using paper and pencil, and some dealerships have even sent employees home due to the outage.
Details of the Attack and Response
Brad Holton, CEO of Proton Dealership IT, revealed that CDK Global shut down its two data centers around 2 AM to mitigate the impact of the cyberattack. Employees at affected dealerships reported receiving minimal information from CDK, other than an email acknowledging the cyber incident and the shutdown of most systems out of caution.
Concerns have also been raised about the potential for threat actors to exploit the always-on VPN connections used by dealerships to access CDK’s services, possibly allowing them to infiltrate internal dealership networks. As a precaution, CDK has advised dealerships to disconnect these VPN connections.
Holton explained that CDK’s software, which runs with administrative privileges on dealership devices, could be a vector for the attack, hence the recommendation to sever connections with the data centers.
Potential Ransomware Attack
Although there has been no official confirmation, there are rumors that CDK Global was hit by a ransomware attack. Such attacks typically involve the encryption of corporate data and the theft of sensitive information, followed by ransom demands. If these rumors are true, the outages could extend for several days or even weeks as CDK negotiates with the attackers and works to restore its systems.
Ransomware attacks often employ a double-extortion tactic, where attackers threaten to publish stolen data unless a ransom is paid. This adds pressure on the affected organization to comply with the attackers’ demands quickly to prevent data leaks that could harm their reputation and customer trust.
CDK Global's Response and Current Status
In response to the cyberattack, CDK Global issued a statement confirming the incident and the precautionary shutdown of most systems. The company is actively investigating the situation and working to restore services as swiftly as possible.
As of the latest update, CDK has restored its phone systems, DMS, and digital retail services. Logins for the Unify and DMS platforms are now available, but the company is conducting thorough tests on other applications before bringing them back online.
Industry Implications and Next Steps
This incident underscores the vulnerability of critical infrastructure in the automotive industry to cyberattacks. The disruption at CDK Global highlights the importance of robust cybersecurity measures and the need for contingency plans to maintain operations during such events.
For dealerships relying on CDK Global’s services, the immediate focus is on managing the operational impact and ensuring data security. Disconnecting VPNs and relying on manual processes are temporary measures, but dealerships will need to assess and enhance their cybersecurity protocols to prevent future incidents.
CDK Global’s swift response and ongoing efforts to restore services will be crucial in mitigating the damage and reassuring its clients. However, the full recovery and implications of the attack will likely unfold over the coming days and weeks.
Conclusion
The cyberattack on CDK Global serves as a stark reminder of the growing threat of cybercrime in today’s digital landscape. As the company works to restore its systems and services, the automotive industry must remain vigilant and proactive in strengthening cybersecurity defenses to safeguard against future attacks.