Description
CDK Global is a leading Software-as-a-Service (SaaS) provider of integrated technology solutions to the automotive retail industry. According to a 2023 cybersecurity report published by CDK that focused on automobile dealerships, 17% of dealers reported experiencing a cyberattack or incident in 2023. That is an increase of 13% over the year prior. Of those that reported an attack, 46% said their business was impacted either financially or operationally with 31% reporting damaged reputation.
The vulnerability of car dealerships to cyberattacks was recently shown in a ransomware attack on CDK themselves that was initiated on June 19, 2024. The attack impacted the sales, parts, finance and accounting departments of more than 15,000 automotive dealerships across the country. According to CBS News, the disruption could potentially result in 100,000 fewer cars being sold in June alone, potentially causing a ripple effect on the broader economy. An organization known as BlackSuit has claimed responsibility for the attack, reportedly demanding a ransom in the tens of millions of dollars.
Actions Taken
As of now, little is known about how the attack was executed. An initial attempt to restore their systems resulted in another attack that brought everything down once again. It is unclear whether CDK chose to pay the ransom, although one news outlet reported that they did. The software company managed to restore services to a small test group of dealers a week after the attack and has since been bringing more dealerships online. Currently, the aftermath of the attack is in its third week, with some dealerships still lacking access to the online tools they need to operate.
Prevention
Cyberattacks are fundamentally about gaining leverage, and the CDK Global incident is a prime example of how targeting one company can impact thousands more. A comprehensive risk assessment plays an important role in preventing ransomware attacks by helping organizations identify vulnerabilities in systems, networks, and processes that could be exploited by attackers. Regular assessments ensure that security policies are continuously updated to address new vulnerabilities and evolving ransomware tactics. Regular assessments should be supplemented by regular vulnerability scans to identify unpatched systems or outdated software that ransomware attackers frequently exploit.
The responsibility for a risk assessment doesn’t solely lie with third-party service providers (TPSPs) however and should be a mandatory exercise for dealerships as well. A risk assessment would have identified CDK’s critical role in their operations. Measures could then be included in a well-documented incident response plan (IRP) that instructs employees on procedures to follow if the online provider becomes inaccessible.
Given that cybersecurity incidents are now virtually inevitable today, a resilient approach focused on containing and mitigating attacks has become a priority. Such strategies include network segmentation, which can slow down or prevent the spread of ransomware across the network. A multi-layered approach, combining proactive risk assessment with robust incident response and containment strategies, is essential in today’s complex cybersecurity landscape.
HALOCK recognized in 2024 Verizon Data Breach Investigations Report (DBIR) on how to estimate risk.
Estimate risk based on real threat data. Read Appendix D in the 2024 Verizon Data Breach Investigations Report (DBIR) to augment your risk analysis.
