A major cyberattack has hit CDK Global, a major provider of software-as-a-service (SaaS) for car dealerships, causing the company to shut down its systems. This disruption affects over 15,000 car dealerships across the United States, which rely heavily on CDK’s platform for daily operations.
Extent of the Attack
CDK Global’s platform manages essential functions for car dealerships, including customer relationship management (CRM), financing, payroll, support and service, inventory, and back-office operations. Dealerships connect to CDK’s data centers via an always-on VPN to access these services.
Overnight, CDK took its IT systems, phones, and applications offline to contain the attack’s spread. Brad Holton, CEO of Proton Dealership IT, reported this action around 2 AM. Dealership employees confirmed receiving a brief email from CDK about the cyber incident; it gave no estimated resolution time.
Operational Halt
The attack severely impacted car dealerships. With systems down, many could not process sales, track or order car parts, or offer financing services. Employees turned to manual methods, using paper, pencil, or Excel spreadsheets. Some dealerships even sent employees home because they were unable to perform essential tasks.
Security Threats
Concerns arose about threat actors exploiting the always-on VPN connections to infiltrate dealership networks. CDK advised dealerships to disconnect these VPNs as a precaution. Holton noted the risks posed by the administrative privileges granted to CDK software on dealership devices, which could allow attackers to deploy harmful updates or access sensitive data.
Speculations and Impact
Rumors suggest CDK Global might have suffered a ransomware attack. Such attacks typically involve stealing and encrypting corporate data, followed by ransom demands for decryption keys and promises not to publish the stolen information. If confirmed, prolonged outages could result as CDK negotiates with attackers and attempts system restoration.
Ransomware attacks can lead to harmful consequences, including exposure of employees’ and customers’ personal information if ransoms go unpaid. These incidents highlight the vulnerability of critical infrastructure to cyber threats and the far-reaching impacts of such breaches.