Cyber-attacks are highly disruptive and damaging for all companies. However, retail companies often have to struggle under the weight of customer scrutiny and public impatience as well. This makes the sector particularly vulnerable and easy to manipulate – especially for hackers. This is a fact that CDK Global was unfortunate enough to learn first-hand after suffering from a cyber-attack barrage recently.
In this blog article, we explore the details of the CDK Global cyberattack and learn how the incident took place. We also take a closer look at why hackers are targeting the car dealership industry at all and how organizations in the sector can defend themselves from cyberattacks in the future. For now, let’s start by getting into the gist of the CDK Global outage itself.
CDK Global Cyberattack
On the evening of the 18th of June, an initial intrusion impacting CDK’s ability to support critical dealership functions was reported. The software giant that provides systems for car dealerships around North America and Canada immediately began its investigation into the security incident. Several large dealership clients such as General Motors dealerships, Group 1 Automotive, and Holman Automotive use CDK Global systems to manage sales, inventory, payroll, and other essential operations. The CDK Global outage led to widespread disruptions across multiple systems – including tracking and ordering car parts, conducting new sales, and financing capabilities.
On Wednesday, the company chose to proactively shut down its systems, phones, and applications to prevent the spread of the attack. Employees on Reddit confirmed that the CDK Global outage forced many dealership staff to resort to manual methods – using Excel spreadsheets and handwritten notes to handle minor transactions and repairs at their dealerships. However, larger transactions and regular operations remained severely impacted by the attack. According to Bloomberg, other dealerships also struggled with the disruptions following the CDK outage. Claire Glassmire, a receptionist at Barbera’s Autoland in Philadelphia, shared that they couldn’t access customer records, set certain appointments, or even print a repair order.
Brad Holton is the CEO of Proton Dealership IT, a cybersecurity and IT services firm for car dealerships. Holton shared with BleepingComputer that the CDK Global cyberattack forced the company to take its two data centers offline at approximately 2 AM on Tuesday. The company itself is yet to release an official statement, and employees at several dealerships have received no information other than an email stating that CDK Global is “currently experiencing a cyber incident,” and that out of caution and concern for customers, it has shut down a majority of its systems.
Holton further explained that the CDK Global software running on devices retained the administrative privileges it uses to deploy updates. This would explain why the company recommended disconnecting from the data centers in the first place. Certain employees were also concerned that threat actors could use the always-on VPN to pivot into the internal networks of car dealerships. BleepingComputer reported that an IT professional for one dealership was advised by CDK to disconnect the always-on VPN out of caution.
By Wednesday afternoon, CDK Global was able to restore its core Dealership Management System (DMS) and Digital Retailing solutions. CDK spokesperson, Lisa Finney, said in a statement shared with CNN: “We are actively investigating a cyber incident. Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible.”
However, the relief was short-lived: the company suffered another cyber-attack soon after, which led to systems being shut down yet again. The company sent dealerships another message on Thursday morning stating:
Dear Valued Customers, We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th. Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems.
The company maintained that its priority is always the security of its customers and later shared an update that it had fully restored CDK Phones, DMS, and Digital Retail functions. CDK also stated that Unify and DMS logins are now available and that the company would be continuing to “conduct tests on all other applications before bringing them back online.” Now that we know more about what happened, let’s find out more about CDK Global as a company.
About CDK Global
CDK Global is a Software-as-a-Service company that provides data and technology solutions to automotive industries. The company was founded in 2014 and was later bought by investment firm Brookfield Business Partners for US$ 6.41 billion in 2022. The impressive cash deal was the final step to privatizing the last major publicly traded provider of software to auto dealers and manufacturers.
Deployed across 15,000 dealer locations in North America, the company has been empowering dealers with the tools and platforms needed for digital transformation for over 50 years. With more than 6,500 employees, CDK Global is one of the leading providers of cloud-based software to dealerships in the country – allowing auto dealerships to efficiently manage vehicle acquisitions, sales, financing, insuring, repairs, and maintenance. However, its success could not make it immune to the fallout of a cyber-attack. We’ll now try to answer the question of why auto dealers are even being targeted by hackers in the first place.
Why are Hackers Increasingly Targeting Auto Dealers?
On an average day, 153 viruses and 84 malicious spam emails are blocked by technology on a dealership's network, according to Automotive News. The CDK Global cyberattack should serve as a warning to all auto dealers that their industry is a vulnerable target. Ironically, a 2023 report from CDK Global itself noted that cybercriminals are a growing threat to car dealerships – 17% of the 175 surveyed auto dealers had experienced a cyber-attack or incident within the past year. While auto dealers might seem like a benign target for hackers, there are many reasons for hackers to take an interest in the sector:
- Sensitive Customer Data. Auto dealerships sit on a large amount of private and sensitive data from their customers. This can often make the sector a sitting duck for hackers. With data such as ID numbers, addresses, driver’s license numbers, and contact details – auto dealerships are a ripe target for a cyberattack. These establishments also keep a lot of customers' financial information on hand, such as bank card credentials, credit applications, and more. All this confidential data can be stolen in a cyberattack and sold on the dark web or used to commit ransomware attacks.
- Lack of Basic Cybersecurity Measures. For most auto dealerships, cybersecurity may seem like an afterthought. In an industry built mostly on practical solutions and hands-on daily management, the cybersecurity measures in place are often lacking or simply non-existent. This makes them a prime target for cyberattacks as they have little or no defensive systems in place.
- Using Outdated Systems. While many companies in the modern age choose to shift to a more advanced infrastructure, auto dealerships are often still left using outdated hardware and software – especially in smaller towns. These legacy systems are vulnerable to cyberattacks because of ineffective security protocols and management policies.
- Inadequate Cybersecurity Training and Awareness. The human element is often the most critical one when it comes to defending your company against cyberattacks. Many auto dealerships do not have sufficient cybersecurity training for their workforce to prevent phishing attacks or social engineering scams. This leaves the company vulnerable to hackers who might send malware in email attachments or links that employees have not been trained to avoid.
- Unsecured Networks. To make transactions easier for customers, most auto dealerships use an unsecured wireless network on premises for freely available Internet. While this is useful in most ways, an insecure network can also act as a gateway for hackers to steal data from the system. Auto dealers should try to use a secure network instead and simply provide the password to clients.
- Dependence on Technology. Ironically, the reliance on technology in the auto dealership industry can also become a vulnerability, as systems that are updated and digitally transformed can be easily hacked or taken over remotely. While companies should digitally transform, it’s equally important to install the right cybersecurity platforms to protect that new infrastructure as well.
- Common Interconnected Systems. Lastly, auto dealerships often feature a common interconnected system to manage various smaller systems within the company – such as customer sales, PR, repairs, and more. While this can help to stay on the same page across the network, the shared system can also become a vulnerability where a cyber threat can easily spread across the entire dealership after breaching only one segment.
While the auto dealer industry is becoming a larger attack surface for hackers, it’s important to note that these attacks can be defended against with the right practices and tools in place. We’ll now go over some of the ways that auto dealer businesses can be prepared and stay protected.
How Auto Dealer Organizations Can Stay Prepared
A study done by CDK Global in 2023 found that 17% of auto dealers had experienced a cyber-attack or security incident in the previous year. David LaGreca, the CDK Global senior vice president and general manager of IT Solutions, stated in a 2023 press release that “cybercriminals are increasingly targeting auto retailers utilizing sophisticated methods meant to appear from secure and trusted sources.” He goes on to warn that “employee awareness training should play an integral role in a dealership’s plan to prevent potential cyber threats.” The research found that the top cybersecurity threats to dealerships were phishing scams, ransomware, malware, weak passwords, and lack of employee awareness.
The CDK Global outage is only one example of a successful cyber-attack that went on to cause national disruptions. However, the CDK outage can also be a cautionary tale for organizations looking to protect themselves in the future. These are some practices that businesses in the auto dealer sector can put in place to stay safe:
- Develop a Cybersecurity Framework: A proper cybersecurity framework will provide a set of rules and practices to maintain that will protect you from cyber threats. Auto dealerships need to also invest in advanced cybersecurity platforms and expertise to inform their decisions and provide effective security solutions.
- Control Network Access: Managing the number and type of devices that are connected to your network will greatly reduce the risk of intrusion. Dealerships need to ensure that all devices connected to the network have advanced security settings and use antivirus software to prevent malware from entering the network.
- Use Two-Factor Authentication: Multifactor Authentication is one of the best ways to ensure data security for any organization. Auto dealerships can use two-factor authentication to add an extra layer of security that requires additional information – like a code sent to a phone – to allow clients to log into accounts.
- Limit Access Controls: Not everyone should have open access to company systems and data. Dealerships need to enact stronger access controls that provide only authorized personnel with access to sensitive data. This reduces the risk of a data breach and limits the number of people who can directly access crucial systems.
- Implement Data Encryption: Another step to securing data is using encryption to ensure that even if data is stolen, it cannot be easily understood or accessed. Dealerships can encrypt personal files that contain financial details and other private information to ensure the safety of their clients.
- Use Strong Passwords: While this may seem like an elementary step, most organizations do not use strong enough passwords and leave their entire network vulnerable to hackers. Dealerships need to insist that employees choose strong passwords and regularly change them as well to avoid breaches.
- Develop an Incident Response Plan: An incident response plan is a direct plan of action after a security incident. This plan is often used to contain a breach, minimize damage, and get operations running as soon as possible. An effective incident response plan will provide a step-by-step guide to recovery for auto dealerships dealing with a cyberattack.
- Provide Security Awareness Training and Education: Your workforce is a vulnerability, but it can also be your greatest strength in protecting your business from cyberattacks. Auto dealerships should invest in training exercises and cybersecurity awareness programs to keep their staff informed on how to identify suspicious files, emails, or operations. All workers – including management – need to follow strict cyber hygiene practices to stay protected and protect the business.
- Conduct Regular Security Tests: Security testing is a great way to ensure that your cybersecurity systems are up to scratch and can withstand a cyber threat. Conduct regular security audits and penetration testing to be assured that your security system is capable enough.
The CDK Global outage is a reminder to auto dealerships to manage their cybersecurity and infrastructure more proactively. By implementing these practices and investing in quality cybersecurity platforms, auto dealerships can seamlessly protect themselves as the sector becomes a growing target and prevent future cyberattacks from causing disruptions. For more information on cloud infrastructure and cybersecurity, visit www.sangfor.com today.
Sources:
https://www.autonews.com/finance-insurance/retailers-prime-targets-data-theft