The CDK Global Cyberattack: What Happened and How to Protect Your Business

On June 18 and 19, 2024, CDK Global (CDK), one of the leading providers of cloud-based software to auto dealerships in North America, faced a severe two-tiered cyberattack. This attack has sent shockwaves through the automotive industry, highlighting vulnerabilities and raising concerns about cybersecurity preparedness across sectors.

The Cyberattack Unfolds

CDK Global, servicing over 15,000 car dealerships across North America, fell victim to a ransomware attack allegedly orchestrated by a group known as BlackSuit. The attackers demanded tens of millions of dollars in ransom, exploiting vulnerabilities within CDK’s network infrastructure. Operations such as invoicing, payroll management, and inventory updates came to a pause, affecting dealerships’ ability to conduct business efficiently.

The company took down its operations immediately to prevent the attack from spreading which led to a second cyberattack, thus making the situation worse by prolonging recovery efforts. From a customer standpoint, such situations lead to higher wait times and the risk of customers turning to competitors that can swiftly process these transactions. Some dealerships across North America reported up to 50% loss in sales due to the attack.

The attack not only disrupted CDK’s services but also triggered legal action from affected dealerships, highlighting the financial and reputational fallout from such incidents. As of July 3rd, CDK Global has been slapped with at least eight lawsuits in federal court, mostly from employees or people who had used the services of the affected dealerships. Customers also expressed their frustration on social media, further putting pressure on the CDK management. 

Cybercriminals are aware of the disruptions their attacks would cost and are counting on the mounting financial and public pressure to force corporations to pay the ransom. CBS News reported that the company, CDK Global, is planning to pay the ransom.

“It takes 20 years to build a reputation and few minutes of a cyber-incident to ruin it” – Stephane Nappo

Automotive Industry: A Target for Cybercriminals

Cyberattacks on car dealerships are on the rise, with a notable rise in incidents reported in recent years. According to a 2023 report by CDK, 17% of surveyed dealerships experienced cyber incidents, up from 15% the previous year. These attacks not only disrupt operations but also jeopardize sensitive customer data, leaving them vulnerable to scams such as identity thefts, thus making dealerships prime targets for cybercriminals.

In the case of CDK, the hackers exploited vulnerabilities in CDK’s network to deploy the ransomware. Specific technical details about the vulnerabilities are not publicly disclosed, but it is evident that the attack leveraged weaknesses that allowed the hackers to take control of the system and encrypt essential data. This situation was further complicated by the restoration efforts, which were interrupted by another breach, suggesting potential flaws in the recovery process or insufficient isolation of compromised systems (BleepingComputer)​​ (DNyuz)​.

Supply Chain Risk Management:

Similar to the Change Healthcare Cyberattack, CDK also faced a similar ransomware attack, highlighting a critical vulnerability shared across industries: supply chain risk management. Just as in the Change Healthcare breach, where interconnected systems and third-party dependencies played a significant role, the CDK incident shows how cybercriminals exploit these links to infiltrate and disrupt operations. By targeting the supply chain, the attackers can put additional pressure on their target to “pay up” rather than having all their downstream customers impacted. This trend is increasingly common, as attackers target the weakest points within a supply chain to maximize their impact. Hence, it is important for organizations to conduct thorough risk assessments and implement a cybersecurity strategy. By addressing these vulnerabilities proactively, businesses can better safeguard their operations and protect against the cascading effects of such cyber threats.

Mitigating Cyber Risks

In the aftermath of the CDK cyberattack, businesses must prioritize cybersecurity to mitigate future risks. Here are essential strategies:

Regular Software Updates and Patch Management: Ensure all systems are up to date with the latest security patches to mitigate known vulnerabilities.

Strong Authentication Measures: Implement multi-factor authentication (MFA) to enhance access security and prevent unauthorized entry into critical systems.

Employee Training: Educate staff about phishing scams and social engineering tactics to reduce the risk of data breaches.

Network Segmentation: Divide networks into segments to contain breaches and limit the spread of malware in case of an attack.

Robust Backup Solutions: Maintain secure backups of essential data to facilitate quick recovery in the event of a ransomware attack.

Incident Response Planning: Develop and test incident response plans to ensure swift and effective responses to cyber incidents.

Vulnerability Scanning and Penetration Testing: Conduct regular assessments to identify and address security weaknesses proactively. Contact Us to schedule a Vulnerability Scan.

Encryption: Encrypt sensitive data both in transit and at rest to protect it from unauthorized access.

Third-Party Security Assessments: Assess and monitor the security practices of third-party vendors and partners to mitigate supply chain risks.

Convergence Networks: Leading in IT and Cybersecurity Solutions

At Convergence Networks, we recognize the value of proactive cybersecurity measures and comprehensive incident response strategies in defending automotive companies against cyberattacks. Our team of experienced professionals specializes in managed IT services and IT support, with a security first mindset. This means we offer tailored solutions to our clients to protect against ransomware attacks, data breaches, and other cybersecurity risks.  In addition, we have experienced and credentialed security experts who can help ensure security is appropriately balanced with operations to keep the organization running smoothly.

We work closely with our clients to evaluate their security posture, identify vulnerabilities, and put strong security measures in place to effectively mitigate risks. We enable automotive companies to strengthen their cybersecurity defenses and protect sensitive customer data by helping them to adopt multifactor authentication and carry out comprehensive business impact evaluations.

Moving forward, Convergence Networks remains committed to helping organizations navigate the evolving threat landscape and mitigate the risk of cyberattacks. The CDK Global cyberattack serves as a stark reminder of the vulnerabilities faced by businesses in the digital age. By adopting proactive cybersecurity measures and leveraging expert guidance, businesses can strengthen their defenses and safeguard against potential cyber threats, ensuring continuity and resilience in an increasingly interconnected world.

Contact Us today to learn how we can assist you in strengthening your cybersecurity defenses.

Contact Our CLIENT
Support Team
Get connected With
Remote Access

To connect, please enter the 6-digit code given to you by your Network Administrator: