In a significant cyberwar incident, CDK Global, a software-as-a-service provider for car dealerships, experienced a massive cyberattack. This attack compelled the company to shut down its systems, leaving clients unable to conduct business as usual.

CDK Global delivers a comprehensive SaaS platform supporting all aspects of car dealership operations, including CRM, financing, payroll, support and service, inventory management, and back-office functions.

The company serves over 15,000 car dealerships across North America and employs thousands nationwide.

Car dealerships use CDK’s services by configuring an always-on VPN to the provider’s data centers, enabling their locally installed applications to access the platform seamlessly.

Late last night and into the early morning, 6/19/24, CDK Global faced a cyberattack that led to the shutdown of its IT systems, phones, and applications to prevent the attack’s spread.

Brad Holton, CEO of Proton Dealership IT, a cybersecurity and IT services firm for car dealerships, reported that the attack caused CDK to take its two data centers offline around 2 AM.

Employees from multiple dealerships indicated that CDK has provided minimal information, only sending an email warning of a cyber incident.

“We are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems,” read an email shared among affected parties. “We are currently assessing the overall impact and have no ETA.”

Some employees expressed concerns that cybercriminals might exploit the always-on VPN to infiltrate the internal networks of car dealerships.

Troy Duhon, CEO of Premier Automotive in New Orleans, also described the situation as particularly disruptive during the peak summer sales season. Bloomberg reported that the hackers, identified as BlackSuit, are demanding substantial ransom payments from CDK Global.

“This situation has pushed us back to a time reminiscent of car sales in the ’70s and ’80s, relying heavily on paperwork,” Duhon remarked.

An IT professional from one dealership stated that CDK advised them to disconnect the always-on VPN as a precautionary measure.

Holton explained that CDK software operating on devices has administrative privileges for deploying updates, which might be why CDK recommends disconnecting from the data centers.

While some users have been able to log in with old credentials upgraded during CDK’s transition to a modern single-sign-on platform, the application reportedly does not function as expected.


Widespread Disruption Amid Cyberwar Attack on CDK Global

The recent cyberattack on CDK Global has led to widespread disruption among car dealerships reliant on their platform for tracking and ordering car parts, conducting new sales, and offering financing.

Employees have reported on forums such as Reddit that the outage has left them idle or forced them to revert to manual processes. Some dealerships have even sent employees home for the day due to the extensive outages.


Although there has been no official statement from CDK Global, rumors suggest that the company suffered a ransomware attack that also affected its backups.

While this information has not been independently confirmed, if it was indeed a ransomware attack, the outages are likely to persist for days, possibly extending into the next week or longer.

Ransomware gangs typically breach corporate networks, quietly spreading to other devices while stealing corporate data. Once they gain administrative privileges and have stolen all the data, they encrypt the network’s devices, leaving ransom notes with instructions for contacting the hackers.

These attacks often involve double-extortion schemes, where the threat actors demand a ransom for a decryption key and to prevent the publication of stolen data.

Negotiations in such cases can take weeks, and if a ransom is not paid, the hackers often leak the corporate data, which usually includes the personal information of employees and potentially customers.

Update on CDK Global Cyber Incident

Update 6/19/24: CDK Global has shared the following statement regarding the ongoing cyber incident:

“We are actively investigating a cyber incident. Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible.” – CDK.

Update 6/19/24 5:24 PM ET: CDK Global has provided an update to its customers, stating that they have restored CDK Phones, DMS, and Digital Retail. Additionally, Unify and DMS logins are now available.

The company is continuing to conduct tests on all other applications before bringing them back online.


Lessons from the CDK Global Cyberattack

The cyberattack on CDK Global underscores the critical importance of robust cybersecurity measures for businesses, especially those handling sensitive customer data and operational functionalities. Businesses must be proactive in fortifying their cybersecurity protocols to mitigate risks associated with potential cyber threats.


Is Your Business Prepared for a Cyber Attack?

Considering the recent events at CDK Global, it’s imperative for businesses to assess their cybersecurity readiness. Are your systems adequately protected against potential cyber threats? What measures do you have in place to safeguard sensitive data and maintain operational continuity in the event of a cyber incident?


Ensuring Business Security in the Age of Cyber Threats

Securing your business against cyber threats requires a multi-layered approach encompassing network security, data encryption, regular vulnerability assessments, and employee training. Establishing a robust cybersecurity framework is crucial to safeguarding your business’s integrity and reputation.


How Network 512 Cybersecurity Can Safeguard Your Business

At Network 512 Cybersecurity, we specialize in providing comprehensive cybersecurity solutions tailored to your business’s needs. From threat detection and prevention to incident response and recovery, our expert team is dedicated to ensuring your data remains secure and your operations uninterrupted.


Contact Us Today

Ready to strengthen your business’s cybersecurity posture? Contact Network 512 Cybersecurity today, call: 512-662-1902 to schedule a consultation and learn more about how we can help safeguard your data and operations against cyber threats or fill-in the form below.

Please enable JavaScript in your browser to complete this form.