A provide chain cyberattack on software program supplier CDK World compelled 1000’s of automotive dealerships to close down Wednesday, a historically busy day for gross sales with the Juneteenth vacation.
Stories mentioned the primary dealerships began getting booted offline round 2 a.m. Japanese Time on Wednesday, June 19. Some shut down altogether, unable to entry essential data, whereas others maintained some providers by counting on paper information.
On Thursday morning, CDK mentioned that there had been a second cyber incident.
“Late within the night of June 19, we skilled an extra cyber incident and proactively shut down most of our programs,” CDK mentioned in a press release supplied to Darkish Studying. “In partnership with third social gathering specialists, we’re assessing the affect and offering common updates to our prospects.”
CDK’s assertion added that it took programs offline as a precaution.
“We’re persevering with to conduct intensive assessments on all different functions, and we’ll present updates as we convey these functions again on-line,” CDK mentioned in its assertion. “Our first precedence is all the time the safety of our prospects, and our actions mirror our obligation to them as a trusted companion.”
In search of Solutions
The precise nature of the provide chain cyber incident and whether or not programs have been restored stays unclear. Nevertheless, Roger Grimes, data-driven protection evangelist with KnownBe4, mentioned he suspects ransomware.
“It hasn’t been launched what kind of ‘cyber incident’ that is, however there is a good probability it is associated to ransomware,” Grimes mentioned in a press release. “When extra particulars are launched, I hope a part of the main points embrace how the cyber risk made its method into CDK’s programs (e.g., social engineering, unpatched software program or firmware, and many others.). As a result of so as to mitigate future occurrences you should begin with how the present incident was induced.”
In keeping with Andrew Costis, chapter lead on the adversary analysis workforce at AttackIQ, the cyber incident is way from over for dealerships that depend on CDK software program.
“CDK is affected by not one, however two cyberattacks which have induced the SaaS supplier to close down IT programs,” he informed Darkish Studying in a press release. “Given the intensive reliance on this third-party vendor, the fallout from this assault reverberates all through your complete automotive business.”
