CDK Global, a leading software-as-a-service (SaaS) provider for the automotive industry, suffered a second cyberattack on June 19, 2024, compounding the challenges the company faced from an earlier attack the previous day. As CDK attempted to restore systems from the initial breach, this new incident forced the company to once again shut down most of its systems to protect its customers.
The company notified impacted clients through a message emphasizing their cautious approach: “We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19. Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems.”
The notification also mentioned that CDK is consulting with external third-party experts to assess the impact and did not provide a specific timeframe for resolution.
CDK Global provides comprehensive SaaS platforms to over 15,000 car dealerships across North America, covering CRM, financing, payroll, support and service, inventory, and back-office operations. The widespread use of CDK's services means that the disruption significantly impacts daily business activities for many dealerships, halting operations and leading to considerable economic losses.
The first attack, reported on June 18, 2024, led CDK to take its data centers offline to prevent the spread of the attack. The initial breach had already caused substantial disruption, with many car dealerships resorting to manual processes such as using paper and pencil or sending employees home due to the outages. The second attack further exacerbates these issues, leaving businesses unable to track or order parts, conduct sales, or offer financing.
The exact nature of the cyberattacks remains unclear, though there are rumors of a ransomware attack that could potentially involve double-extortion tactics. At the time of writing, no ransomware gangs have claimed the attack at CDK.
The economic impact of these attacks is substantial. Car dealerships rely heavily on CDK's systems for their operations, and prolonged outages disrupt sales, service operations, and customer interactions. This downtime translates to significant financial losses and operational challenges, particularly as dealerships scramble to find alternative solutions or workarounds.
In response to the ongoing issues, CDK has provided dedicated phone lines for updates in English and French, acknowledging the critical nature of the situation and the need for constant communication with affected clients. The company assured its customers that reinstating normal operations is a top priority, although no specific timeline has been given.
CDK recommends that impacted clients disconnect Always-On VPN connections until all systems are restored to normal operations, preventing potential lateral movement by attackers.
SolarWinds Serv-U Path-Traversal Vulnerability Exploited by Attackers
Leave a Reply