Automotive dealership software suffers ransomware attack: why you should care

CDK Global, a provider of software solutions for automotive dealerships, suffered a ransomware attack that impacted its systems across the United States.

The attack, attributed to the BlackSuit group, disrupted essential services such as the dealer management systems used for sales, parts ordering, and servicing operations. As a result, numerous automotive dealerships reported operational problems during the outage, showing how an incident at one cloud-hosted provider reaches every customer that depends on it.

Key Points:

1. Nature of attack: The ransomware attack targeted CDK Global’s cloud-hosted systems, encrypting critical data and disrupting services crucial for daily operations at automotive dealerships nationwide.
2. Extent of disruption: The ripple effects of the attack are widespread, affecting a significant number of U.S. auto dealers who rely on CDK Global’s software for various business functions. This highlights the interconnected nature of cloud-based systems in the automotive industry.
3. Response and remedy: CDK Global initiated response efforts to contain the attack, restore services, and communicate with affected dealerships to manage the fallout and minimize business interruptions.
4. Broader implications: The incident underscores the growing threat of ransomware targeting cloud-hosted applications, where the potential impact extends beyond individual organizations to their entire customer base and ecosystem partners.

Why cloud-hosted applications raise the attack potential:

  • Accessibility and exposure: Cloud-hosted applications are accessible over the internet, increasing their exposure to cyber threats such as ransomware attacks. Attackers can exploit vulnerabilities in these systems remotely, potentially affecting multiple organizations simultaneously.
  • Inter-connectivity: Integration of cloud applications with various dealer management systems and databases means that compromising one service can have cascading effects, disrupting operations across interconnected networks.
  • Dependency on service providers: Organizations rely on the security measures and response capabilities of their cloud service providers. Any breach or downtime in these services can significantly impact the operational continuity and trust of customers and partners.
  • Shared responsibility: While cloud providers manage the infrastructure, organizations bear responsibility for securing their applications, data, and configurations. Misconfiguration or inadequate security measures can create entry points for attackers.

Why this matters to you:

You are most likely using cloud-hosted applications. If you are, make certain that you actually own, and can retrieve, the data held in each cloud application. This may mean having your IT service provider verify basic and enhanced security controls such as:

  • Enable multi-factor authentication.
  • Make copies of all data stored in the cloud for offline use.
    • This can be challenging, as most providers will claim they have backups but offer no way to download all the data. I would run and hide from any company that does this.
    • In the case of CDK, the backups may have been encrypted by the threat actor, or may be stale.
  • Enable immutable (unchangeable) backups, and test them regularly.
  • Get an annual security review assessment.
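The two backup checks in the list above, written out as an added example (this is not CDK's code, nor any provider's). It stores an export alongside a SHA-256 manifest, then runs a restore test that flags the two failure modes named above: a backup that has been encrypted or tampered with, and a backup that is too old. The sample records, the timestamps, and the read-only chmod used as a stand-in for an immutable store are all constructed assumptions; real immutability has to come from the storage layer (object lock or equivalent), not a file mode bit.

```python
# Offline copy of a cloud application's data export, plus a restore test.
# Added example, not CDK's or any provider's code; SAMPLE_EXPORT stands in
# for whatever the provider's export feature actually returns.
import hashlib
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Constructed sample export: a few dealer records in place of a real one.
SAMPLE_EXPORT = [
    {"deal_id": 1001, "vin": "1HGCM82633A004352", "status": "sold"},
    {"deal_id": 1002, "vin": "2T1BURHE0JC012345", "status": "in_service"},
]
MANIFEST_NAME = "manifest.json"


def sha256_file(path):
    """Stream the file through SHA-256 so a large export need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(records, backup_dir, now=None):
    """Write the export plus a manifest (digest, time, count); return manifest path.
    Files are chmod'ed read-only as a weak local stand-in for an immutable store."""
    now = now or datetime.now(timezone.utc)
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    data_path = backup_dir / f"export-{now:%Y%m%dT%H%M%SZ}.json"
    data_path.write_text(json.dumps(records, sort_keys=True))
    manifest = {
        "file": data_path.name,
        "sha256": sha256_file(data_path),
        "created_at": now.isoformat(),
        "record_count": len(records),
    }
    manifest_path = backup_dir / MANIFEST_NAME
    manifest_path.write_text(json.dumps(manifest, indent=2))
    for p in (data_path, manifest_path):
        os.chmod(p, 0o444)
    return manifest_path


def verify_backup(backup_dir, max_age_days=1, now=None):
    """Restore test. Returns {"ok", "problems", "records"}; each problem is a tag."""
    now = now or datetime.now(timezone.utc)
    backup_dir = Path(backup_dir)
    manifest = json.loads((backup_dir / MANIFEST_NAME).read_text())
    data_path = backup_dir / manifest["file"]
    if not data_path.exists():
        return {"ok": False, "problems": ["missing_file"], "records": 0}
    problems = []
    # 1. Integrity: an encrypted or corrupted backup no longer matches its digest.
    if sha256_file(data_path) != manifest["sha256"]:
        problems.append("hash_mismatch")
    # 2. Freshness: a backup older than the policy window is nearly as bad as none.
    if now - datetime.fromisoformat(manifest["created_at"]) > timedelta(days=max_age_days):
        problems.append("too_old")
    # 3. Restorability: actually load the data rather than trusting the digest alone.
    records = 0
    try:
        records = len(json.loads(data_path.read_text()))
        if records != manifest["record_count"]:
            problems.append("record_count_mismatch")
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        problems.append("unparseable")
    return {"ok": not problems, "problems": problems, "records": records}


def simulate_ransomware(backup_dir):
    """Overwrite the data file with junk, as an encryptor would (demo only)."""
    backup_dir = Path(backup_dir)
    data_path = backup_dir / json.loads((backup_dir / MANIFEST_NAME).read_text())["file"]
    os.chmod(data_path, 0o644)  # a read-only bit does not stop a process that can chmod
    data_path.write_bytes(b"\x00" + os.urandom(63))  # leading NUL: never valid JSON


def demo():
    """Fresh, stale and tampered checks in a temp dir, at constructed timestamps."""
    t0 = datetime(2024, 6, 19, 6, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as d:
        make_backup(SAMPLE_EXPORT, d, now=t0)
        fresh = verify_backup(d, now=t0 + timedelta(hours=6))
        stale = verify_backup(d, now=t0 + timedelta(days=30))
        simulate_ransomware(d)
        tampered = verify_backup(d, now=t0 + timedelta(hours=6))
    return {"fresh": fresh, "stale": stale, "tampered": tampered}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} ok={result['ok']} problems={result['problems']}")
```

Run the verify step on a schedule against the offline copy, not against the provider's own backup claims: if `hash_mismatch` or `unparseable` ever appears, the copy has been altered since it was taken, and `too_old` means the export job has silently stopped.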

While cloud-hosted applications offer scalability and efficiency, they also enlarge the attack surface and require a correspondingly robust security strategy. Organizations must prioritize proactive measures, including regular assessments, incident response planning that covers a prolonged provider outage, and clear communication with stakeholders, to protect against ransomware and other cyber threats.