Cyberattacks are becoming more devastating and taking longer to resolve, impacting targeted organizations in significant ways. The latest incident affecting CDK Global, a crucial software provider for car dealerships, is no exception. This ongoing attack has left dealerships across the US scrambling, with their operations crippled for days and no clear end in sight.
The Growing Threat of Cyberattacks
The CDK Global hack is part of a troubling trend of sophisticated cyberattacks hitting vital infrastructure and supply chains. Similar incidents in other industries highlight the wide-reaching consequences of such breaches. For example, in May, a cyberattack on Ascension, a nonprofit hospital network, forced ambulances to divert and took nearly a month to resolve. Earlier this year, a February ransomware attack on Change Healthcare disrupted billing at pharmacies nationwide, putting some healthcare providers at risk of going out of business.
Why Cyberattacks Are So Devastating
Cybersecurity experts tell us that hackers are not just becoming more sophisticated, they are also getting more patient. They infiltrate an organization’s systems and move laterally, compromising various parts before launching a full-scale attack. This strategy maximizes damage and increases their leverage for demanding ransoms. As one expert put it, “When hackers turn the attack on and execute, it’s truly crippling to the organization, which then generates more revenue for them.”
Limited Information and Ongoing Investigations
Details about specific cyberattacks are often scarce at first. Companies are cautious about sharing information to protect their reputation and avoid potential litigation. They may also withhold specifics to prevent copycat attacks until investigations are concluded. According to Eric Noonan, CEO of CyberSheath, ransomware attacks typically start with a phishing email, allowing hackers to move undetected for days or even weeks. Victims usually realize they’ve been hacked when they lose access to crucial files or receive ransom notes.
The CDK Global Hack: A Major Blow to Dealerships
The attack on CDK Global has brought the car dealership industry to a grinding halt. CDK’s software is integral to processing sales and other transactions at dealerships. As a result of the hack, many dealerships have had to revert to manual processing, significantly slowing down their operations.
(Update as of 28.06.2024) – CDK is steadily bringing systems back online in the aftermath of the cyberattack. They’ve taken a phased approach to their restoration efforts, with another group of dealerships, including a major public dealer, restored as of today. CDK Customer Care shared the following email with its customers:
“Dear Valued Customers,
We are continuing the phased approach to the restoration process. In addition to bringing a second small group od dealers live on the core DMS today, one of our large public dealers is also live on the core DMS.
For details on how you will be notified of your scheduled go live timeframe please go to the Dealer Resource Center and go to this link.
There are some integration points with OEM systems and third-party partners that may not be live immediately but will be phased in as quickly as possible.
We are also actively working on bringing other applications live including CDK CRM (eLead), ONE-EIGHTY and CDK Service.
We anticipate our customer care channels will be live tomorrow late afternoon.
Thank you for your continued partnership as we work together to get you back to business as usual.”
Meet BlackSuit: The Group Behind the CDK Hack
Analysts say the CDK hack is the work of BlackSuit, a relatively new cybercriminal group that emerged in May 2023. BlackSuit is believed to be a spinoff of the Russia-linked hacking group RoyalLocker, itself an offshoot of the notorious Conti gang. Although BlackSuit is less aggressive than some other ransomware groups, it has already claimed numerous victims.
BlackSuit’s Operations and Impact
BlackSuit has breached at least 95 organizations worldwide, with a significant number in the US. The group employs a “double extortion” tactic, stealing sensitive data and locking systems while threatening to leak the information. BlackSuit also supports smaller partner groups by providing hacking infrastructure and resources for extortion-related activities.
A Broader Issue for Industries with Outdated Systems
The attack on CDK Global highlights a broader vulnerability in industries that rely on outdated systems, such as healthcare and automotive sectors. These industries are increasingly attractive targets for cybercriminals due to their critical role in supply chains and often inadequate cybersecurity measures.
Challenges in Recovery and Ransom Payments
While hackers have greater leverage in demanding ransoms, experts warn that paying a ransom does not guarantee a speedy recovery. Organizations often face prolonged disruptions even after meeting ransom demands, as systems need thorough cleansing and security overhauls to prevent future attacks.
Conclusion
The CDK Global hack is a stark reminder of the critical importance of cybersecurity in today’s digital world. As hackers become more sophisticated and patient, the potential for devastating attacks grows. Organizations must prioritize cybersecurity to protect against these evolving threats and minimize the impact of inevitable breaches. For car dealerships across the US, the ongoing disruption caused by the CDK hack is a clear call to action. Prioritizing cybersecurity is no longer optional – it’s essential to ensure business continuity and protect against future attacks.
With the CDK hack already causing significant disruptions to dealerships, now isn’t the time to let hiring cause further headaches. If we can help your business in any way, don’t hesitate to get in touch. We’re here to support you through these challenging times and ensure your operations get back on track as smoothly as possible. Reach out to us today!
< back to other articles