- The Breach Report
- Posts
- CDK Global Software Cyberattack Disrupts 15,000 US Car Dealerships
CDK Global Software Cyberattack Disrupts 15,000 US Car Dealerships
Disruption enters third day after multiple cyberattacks
Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.
CDK Global Software Cyberattack Disrupts 15,000 US Car Dealerships
CDK Global, a company providing dealer management software (DMS) to car dealerships across the United States, has suffered multiple cyberattacks affecting over 15,000 dealerships. CDK has been forced to shut down its systems, leaving clients unable to perform any business operation the software provides.
The initial cyberattacks were first reported on Tuesday, June 18.
The CDK platform includes CRM, repair requests, orders, inventory, payroll, and financing, among other administrative functions.
According to Bleeping Computer, the attacks forced CDK to shut down its IT systems, phones, and applications to prevent the further spread of the attack.
Customers using CDK’s platform utilize a VPN connection that must remain online to CDK’s datacenters where the software-as-a-service (SaaS) resides. A locally installed application at each dealer accesses the enterprise SaaS through the VPN.
A CDK client from an affected dealership told Bleeping Computer that CDK advised them to disconnect the VPN out of caution.
The ongoing cyberattacks on CDK Global have forced countless US car dealerships to resort to pen-and-paper manual processes to continue some level of business. (source: Reddit)
CDK confirms multiple cyberattacks with no time frame for resolution
"We are actively investigating a cyber incident," a CDK spokesperson told CBS News. "Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible."
Some systems were restored on Wednesday, but another round of cyberattacks on the same day further damaged recovery efforts.
“Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems. In partnership with third-party experts, we are assessing the impact and providing regular updates to our customers. We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible,” CDK shared on Thursday.
Calls to CDK Global’s hotlines are met with a busy signal or a prerecorded message.
The automated recording on CDK Global’s hotline states, " At this time, we do not have an estimated time frame for resolution, and therefore, our dealers’ systems will not likely be available for several days.”
Manual spreadsheets, pen and paper as outage persists
Employees have reported on Reddit that many car dealerships can only function at a reduced level using manual, static spreadsheets, and pen and paper.
“Excel spreadsheets and post it notes for any parts we’re handing out. Any big jobs are not happening,” an affected car dealership employee posted on Reddit.
Some dealerships are even sending employees home, as they will not be able to reasonably perform their jobs until CDK is back online.
"We are almost to that point…no parts, no ROs, no times…just dead vehicles with nothing to show for them or parts to fix them," another affected car dealership employee posted to Reddit.
Your Brilliant Business Idea Just Got a New Best Friend
Got a business idea? Any idea? We're not picky. Big, small, "I thought of this in the shower" type stuff–we want it all. Whether you're dreaming of building an empire or just figuring out how to stop shuffling spreadsheets, we're here for it.
Our AI Ideas Generator asks you 3 questions and emails you a custom-built report of AI-powered solutions unique to your business.
Imagine having a hyper-intelligent, never-sleeps, doesn't-need-coffee AI solutions machine at your beck and call. That's our AI Ideas Generator. It takes your business conundrum, shakes it up with some LLM magic and–voila!--emails you a bespoke report of AI-powered solutions.
Outsmart, Outpace, Outdo: Whether you're aiming to leapfrog the competition or just be best-in-class in your industry, our custom AI solutions have you covered.
Ready to turn your business into the talk of the town (or at least the water cooler)? Let's get cracking! (And yes, it’s free!)
Today’s Cyber Wall of Shame
Malicious actors never let a crisis go to waste…
CDK warns: threat actors are calling customers, posing as support - @Ax_Sharma
— BleepingComputer (@BleepinComputer)
11:00 AM • Jun 21, 2024
Until next time…
Rob Waters
Founder
The Breach Report + Cybersecurity Careers Blog
P.S. - Do you want to start a newsletter yourself?
You can with beehiiv. Create one today with a free trial.
Disclaimer: The Breach Report may contain affiliate links. Read our Advertising policy page.
Reply