Times News Express

CDK Global Faces Major Cyberattack, Disrupting Car Dealership Operations

CDK Global, a software-as-a-service (SaaS) provider for car dealerships, has been hit by a significant cyberattack. This attack has forced the company to shut down its systems, leaving clients struggling to conduct their usual business activities.

CDK Global

CDK Global offers a comprehensive SaaS platform for the auto industry, supporting various functions such as customer relationship management (CRM), financing, payroll, support and service, inventory management, and back-office operations.

With a client base exceeding 15,000 car dealerships across North America, CDK Global is a crucial player in the industry. The company employs thousands of people throughout the region.

Car dealerships connect to CDK’s services through an always-on VPN, enabling their locally installed applications to access the SaaS platform.

Last night and into the early hours of this morning, CDK Global experienced a cyberattack that led to the shutdown of its IT systems, phones, and applications in an effort to contain the breach.

Brad Holton, CEO of Proton Dealership IT, a cybersecurity firm serving car dealerships, informed BleepingComputer that the attack prompted CDK to take its two data centers offline around 2 AM.

Multiple dealership employees reported that CDK has provided minimal information, only sending an email warning about the cyber incident.

“We are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems,” read the email shared with BleepingComputer. “We are currently assessing the overall impact and currently have no ETA.”

Some employees expressed concerns that attackers might exploit the always-on VPN to infiltrate internal dealership networks. CDK advised dealerships to disconnect the VPN as a precaution.

Holton noted that CDK software, which runs on dealership devices, has administrative privileges for deploying updates. This might be why CDK recommended disconnecting from the data centers to prevent further risks.

While some users reported they could log in using old credentials from before CDK’s transition to a modern single-sign-on platform, the applications were not functioning as expected.

Widespread Disruption

The cyberattack has caused significant disruptions for car dealerships relying on CDK’s platform to manage operations such as tracking and ordering parts, conducting sales, and arranging financing.

On Reddit, dealership employees described the impact, with some stating they had nothing to do and others resorting to manual processes. Some dealerships even sent employees home due to the outages.

“We are almost to that point… no parts, no ROs, no times… just dead vehicles with nothing to show for them or parts to fix them,” posted one employee. Another commented, “Excel spreadsheets and post-it notes for any parts we’re handing out. Any big jobs are not happening.”

Ransomware Speculation

While there has been no official statement from CDK, rumors suggest the company might have suffered a ransomware attack, potentially affecting its backups. BleepingComputer has not been able to independently verify this information. If it is indeed a ransomware attack, the outages could persist for days, possibly extending into the next week or longer.

In a typical ransomware attack, the attackers infiltrate a corporate network and spread quietly to other devices while exfiltrating corporate data. Once they gain administrative privileges and steal all relevant data, the attackers encrypt the network’s devices, leaving ransom notes with instructions for contacting the hackers.

The stolen data and encrypted devices are then used in double-extortion schemes, where attackers demand a ransom to provide a decryption key and to delete the stolen data without publishing it. These negotiations can last for weeks, and if the ransom is not paid, the attackers often leak the stolen data, which may include sensitive information about employees and customers.
