CDK Global Cyberattacks Impact 15,000 Auto Dealerships, Enter 3rd Day

Two cyberattacks on CDK Global have impacted over 15,000 auto dealerships across North America.

The dealerships use CDK Global’s dealer management software to run their businesses, including vehicle sales. Its software handles everything from records to scheduling.

According to CNN, thousands of dealerships across the United States and Canada on Friday entered a third day in a near deadlock after the two consecutive cyber incidents at CDK Global led to a shut down of its systems.

CDK Global spokesperson Lisa Finney sent us the following statement:

“Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems. In partnership with third-party experts, we are assessing the impact and providing regular updates to our customers. We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible.”

No further information was available from CDK Global.

Mike Stanton, president and CEO of the National Automobile Dealers Association (NADA), a trade organization representing 16,000 new car dealers, said dealers are ”very committed to protecting their customer information and are actively seeking information from CDK to determine the nature and scope of the cyber incident so they can respond appropriately.”

Related:Cybercriminals Target Dell Technologies, Ascension

CDK Global Attacks Illustrate ‘Chain Reaction’ of Impact

Jamie Moles, senior technical manager at ExtraHop, said the cyberattack on CDK Global illustrates the chain reaction that successful attacks have on businesses, third parties and customers.

“Customers experience heightened risk when third-party vendors have expansive privileges to their operational environments," he said. "Unfettered access leaves a clear pathway for attacks to have ripple effects across customer network environments, exposing their sensitive information and possibly impacting their daily operations. Intrusions on something as simple as an unmonitored VPN connection leaves an opening into otherwise trusted environments, acting as a gateway for threat actors to enact a takedown such as the one on CDK Global and its customers.”

ExtraHop's Jamie Moles

It’s also important to note that incidents like these are not specific to the automotive sector, Moles said. Third-party and VPN connections are ubiquitous with electronic medical records (EMRs) in the health care vertical as well. As the attack landscape continues to evolve rapidly, it’s becoming more common for cross-industry targeting, ultimately impacting more businesses and customers.

Ted Miracco, CEO of Approov Mobile Security, said this incident highlights a common vulnerability that is especially impacting the automotive supply chain, and CDK Global's breach exemplifies this risk.

Approov's Ted Miracco

“These apps provide extensive mobile tools for dealership management, offering functionalities such as real-time inventory management, customer relationship management, repair tracking and mobile access to critical business information,” he said. “However, without proper API security measures, these features can expose sensitive data and backend systems to potential breaches and malicious attacks. Many companies do not adequately secure their APIs, especially for mobile applications. API protection for web access does not adequately protect mobile interfaces, creating an easy target for hackers and ransomware attacks. These API attacks increasingly target the automotive supply chain, exploiting the lack of security in mobile interfaces.”