CDK Global Cyber Attack Shuts Down Car Dealerships

The software-as-a-service provider CDK Global has been hit by a cyber attack that has forced them to shut down their IT systems.

CDK Global is responsible for the software behind most major car dealerships in North America, with clients including auto giants General Motors, Group 1 Automotive and Holman.

The cyber attack, which allegedly started on the evening of Tuesday 18th June, has sent their IT systems offline and caused chaos across the auto retail industry with dealerships being unable to access their crucial systems. 

The software company has since responded quickly and shut down most of its operations by 2 am on Wednesday 19th to prevent data loss. 

CDK Phones, DMS and Digital Retail are reported to be operational, but the rest of CDK Global's operations are yet to be restored.

An email sent to employees states that CDK is ‘currently assessing the overall impact and currently has no ETA’ and gave no idea of when these systems may return online. 

15,000 dealerships unable to process sales 

Details surrounding the attack remain scarce. Approximately 15,000 dealerships have been left unable to process sales and complete other critical tasks including office operations, payroll and inventory.

Car buyers may experience delays in test drives, loan approvals, and finalizing vehicle purchases. Some dealerships may resort to manual processes, potentially causing longer wait times. Lost sales and delays in transactions could lead to significant financial losses for dealerships.

The nature of the attack is yet to be disclosed by CDK. However, similar attacks on major businesses have involved ransomware. Ransomware involves encrypting a victim's data, essentially locking it away, and then demanding a ransom payment in exchange for the decryption key to unlock the data.

Car dealerships are attractive targets for cybercriminals as they collect and store a significant amount of sensitive customer data.

This includes personal information like names, addresses, Social Security numbers, driver's licenses, and financial details like credit card numbers and bank account information. This data is valuable to cybercriminals who can use it for identity theft, credit card fraud, or even sell it on the dark web.

As CDK software is used by a vast majority of dealerships in North America it is a lucrative target for causing widespread disruption. A successful attack on CDK can disrupt a large portion of the auto retail industry in one attempt.

Ransomware attacks often target businesses with outdated software or weak cybersecurity practices. While CDK offers security solutions, it's possible some dealerships might not be using the latest software updates or have implemented the strongest security measures, creating vulnerabilities for attackers to exploit.

Modern car dealerships rely heavily on interconnected systems. CDK software likely integrates with other dealership functions and external service providers. These connections create additional entry points for attackers to gain access to a dealership's network.

“Dear Valued Customers, We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th,” CDK messages sent to car dealers read. 

“Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems,” it continued.

'A Prime Target'

This cyber attack highlights the vulnerability of the auto industry to cyber threats. CDK is working to investigate the attack and restore its systems.

“The cyber attack on CDK Global shows the absolute necessity for robust supply chain security as threat actors look to exploit weak links to infiltrate larger networks.

"Car dealerships hold lots of valuable data, especially considerable financial information, making them a prime target for cybercriminals to try to gain access to and exploit security gaps to steal sensitive data,” Andrew Lintell, General Manager EMEA at Claroty told EM360Tech

“Proactivity through comprehensive risk assessments, stringent access controls, and continuous monitoring is key. Organisations must maintain constant vigilance of all suppliers and be aware of potential vulnerabilities to prioritise the actions that must be taken to ensure operational resilience.

"The emerging risk of always-on VPNs can also be supplemented by implementing network segmentation to restrict unnecessary connectivity and the movement of malware,” he concluded.

The full extent of the damage caused by the CDK attack is still being assessed. However, it is clear that the incident has caused significant disruption to the auto retail industry and underscores the need for all businesses to prioritize robust cybersecurity measures.