Security News CDK Global cyberattack impacts thousands of US car dealerships

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,255
Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally.

CDK Global provides clients in the auto industry a SaaS platform that handles all aspects of a car dealership's operation, including CRM, financing, payroll, support and service, inventory, and back office operations.

The company is used by over 15,000 car dealerships in North America and has thousands of employees throughout the country.

To use CDK's services, car dealerships configure an always-on VPN to the SaaS provider's data centers, allowing their locally installed applications to access the platform.

Last night and into this morning, CDK Global suffered a cyberattack that caused it to shut down its IT systems, phones, and applications to prevent the attack's spread.

Brad Holton, CEO of Proton Dealership IT, a cybersecurity and IT services firm for car dealerships, told BleepingComputer that the attack caused CDK to take its two data centers offline at approximately 2 AM last night.

Employees at multiple car dealerships have also told BleepingComputer that CDK has not shared much information other than to send an email warning that they suffered a cyber incident.

"We are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems," reads an email shared with BleepingComputer.

"We are currently assessing the overall impact and currently have no ETA."

Some of these employees have also shared concerns that threat actors could use the always-on VPN to pivot into the internal network of car dealerships.

An IT professional for one dealership told BleepingComputer CDK advised them to disconnect the always-on VPN out of caution.

Holton explained that CDK software running on devices has administrative privileges used to deploy updates, which could explain why CDK recommends disconnecting from the data centers.
 

Gandalf_The_Grey

CDK Global hacked again while recovering from first cyberattack
Car dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in a previous cyberattack.

CDK Global is a software-as-a-service platform that provides a full suite of applications to handle a car dealership's operation, including sales, back office, financing, inventory, and service and support.

CDK became aware that they were breached Tuesday night, causing them to shut down their data centers, IT systems, and login systems.

The attack led to a massive outage as car dealerships could not conduct their normal operations, including servicing or selling vehicles.

Last night, the company had begun to restore services, bringing their Unifi modern login service back online, though other systems were still being restored.

Unfortunately, as CDK was restoring its services, they were once again forced to shut down their systems after suffering another breach late yesterday evening.

"We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th," reads a CDK notification seen by BleepingComputer.

"Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external 3rd party experts."
 

Gandalf_The_Grey

CDK warns: threat actors are calling customers, posing as support
CDK Global has cautioned customers about unscrupulous actors calling them and posing as CDK agents or affiliates to gain unauthorized systems access.

The warning follows ongoing cyberattacks that have hit CDK, forcing the company to shut down its customer support channels and take most of its systems offline.

CDK Global is a software-as-a-service (SaaS) platform that thousands of US car dealerships rely upon.
 

Gandalf_The_Grey

CDK Global outage caused by BlackSuit ransomware attack
The BlackSuit ransomware gang is behind CDK Global's massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter.

The same sources, who provided information on condition of anonymity, told BleepingComputer that CDK is currently negotiating with the ransomware gang to receive a decryptor and not leak stolen data.

While BleepingComputer is the first to report that BlackSuit is behind the attack, the news that CDK is negotiating with threat actors was revealed by Bloomberg yesterday.

The negotiations come after the BlackSuit ransomware attack forced CDK to shut down its IT systems and data centers to prevent the attack's spread, including its car dealership platform. The company tried restoring services on Wednesday but suffered a second cybersecurity incident, causing it to shut down all IT systems again.
 

Gandalf_The_Grey

CDK Global says all dealers will be back online by Thursday
CDK Global says that its dealer management system (DMS), impacted by a massive IT outage following a June 18th ransomware attack, will be back online by Thursday for all car dealerships.

The company is also working on restoring access to other affected applications, including its Customer Relationship Management (CRM), ONE-EIGHTY, and Service solutions.

"We are continuing our phased approach to the restoration process and are rapidly bringing dealers live on the Dealer Management System (DMS)," CDK spokesperson Lisa Finney told BleepingComputer.

"We anticipate all dealers connections will be live by late Wednesday, July 3 or early morning Thursday, July 4."
 