07 Jul Cyberattack on Auto-Industry Software Creates Troubling Shockwaves

A prevailing cyberattack on auto-industry on CDK Global created a massive disruption across 15,000 automobile dealers in June 2024, forcing dealers to use paper-and-pen accounting while they waited for the restoration of the software. At the time of the discovered incident, CDK shut down systems to protect data and prevent further damage while they performed an investigation on the attack’s details.

When systems returned, CDK reported another cyber incident that impacted systems. This is likely because the assessment did not clearly reveal the details of the first attack and created a gap in proper disaster-recovery decisions. This has led to a mangled recovery response across various dealers in the United States and Canada.

Understanding the Problem

First, it’s important to highlight this incident because it touches on numerous cybersecurity pitfalls that affect businesses on different levels. CDK is a software provider for auto dealers and handles important information ranging from payroll, accounts, and customer details. It’s a treasure trove of valuable data, meaning CDK Global is a ripe target for threat actors.

Diving deeper into the issue reveals a larger problem, however. The software is used by thousands of different dealers who have varying levels of preparedness for a cyber breach. Or in some cases, none at all. While CDK has its own standards for handling cyber incidents, dealers reliant on the software are different. Therefore, the damage caused varies at each dealership and is not the same across each business, creating a messy scenario with varying consequences. Service interruption can severely impact a dealer’s ability to generate business and even interfere with payroll.

Further analyzing the impact

The attack goes well beyond a simple breach and loss of data. Dealerships reliant on CDK Global’s software must use traditional methods to conduct business. Others may not even be able to sell vehicles or perform routine job functions until CDK is restored. That’s because they no longer have access to a client’s history, their vehicle information, or background data to properly gauge pricing, rates, and interest terms.

Thus, the attack has once again demonstrated the short and long-term consequences of a data compromise. It’s also unclear what data is in danger. Threat actors were able to compromise CDK Global’s business operations, but it’s likely they also gained access to critical information too. If, for instance, the attackers in question have access to personal credentials or customer data, they can further levy that into phishing campaigns, social engineering schemes, or larger scale cyberattacks.

The attack also readily demonstrates that no industry is immune from attack. Any enterprise housing critical data and information is an ideal target. Despite CDK Global supporting only automotive dealerships, it proved valuable enough for threat actors to compromise.

Fallout from the attack

CDK Global finds itself in a similar predicament to businesses dealing with post-breach environments. Either pay a ransom or continue dealing with significant downtime and loss of services. While CDK Global will eventually reach total system restoration, achieving such is no simple task.

Ransomware is a serious threat due to its implications. An enterprise faces a challenging decision: pay the demands to restore services or ignore the demands and deal with continued service loss. The FBI and CISA always insist on payment refusal, but the choice is not always simple. Threat actors are no longer content to hold data hostage. Some threaten to destroy or publicize stolen information if their demands are not met (or both).

Even if CDK Global resolves the breach, however, does not end the long-term problems. We’ve learned time and time again the immediate and delayed impact breaches have. Breaches cause extended ramifications. Brand damage and erosion in trust from clients are common consequences of ransomware breaches. As mentioned, stolen data can be used to create social-engineering scam campaigns, leading to additional breaches. Additionally, a business must take time to understand how a breach occurred. While GDK Global possesses the resources to conduct internal investigations and comprehensive security analytics, smaller businesses do not have that luxury.

More so, since the software is widely used by dealerships, it’s not clear how long their recovery path will take. The intrusion at CDK Global therefore has a dangerous cascading effect, since the software is so widely used.

Securing resources and future stability

CDK Global now joins the long list of businesses affected by massive cyberattacks. It’s a learning lesson once again highlighting how any industry is a potential target. Therefore, it’s paramount your enterprise invest wisely in protective strategies, resources, and solutions to reduce risk. For instance, CDK’s breach represents the dangers of total reliance on a software suite. If you utilize a software service to manage business operations, what happens if it suffers downtime? Do you have backups in place? Can you continue to handle client relationships without the necessary software?

Not all smaller businesses have answers to those questions. They also lack the significant resources of a larger enterprise. Therefore, they’re directly affected by service loss, even if they are not the primary target of a threat campaign.

It’s critical to ensure you have the right security infrastructure to protect data. Having a backup plan in case of service loss can prevent costly downtime. But again, not all SMBs possess the resources to create comprehensive plans or invest in proper cybersecurity.

In the event you need help with cybersecurity, data backup, and even building disaster-recovery plans, it’s important to seek help. Bytagig is an experienced MSP provider with powerful IT and cybersecurity resources. Bytagig can help your company recover from breaches, alter alternatives to software suites, and build strong BDR guidelines to mitigate breaches.

The attack on CDK Global represents an evolving threat climate. Therefore, it’s mission-critical to safeguard your data. For additional information, contact Bytagig today.