30,000 Dealerships Down — ‘Ransomware’ Outage Outrage no. 2 at CDK Global
Car and truck dealers fall back on pen and paper as huge SaaS provider gets hacked (again).
CDK Global, by far the biggest provider of dealer management software for the U.S. auto trade, has suffered two crippling hacks in the same week. The services are down again and its customers aren’t happy.
The software-as-a-service provider isn’t saying much, but it smells just like a ransomware attack. In today’s SB Blogwatch, we need to go discuss this with our manager real quick.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Reich AI remaster.
Updated June 21, 2024 18:51 UTC with Adaptiva’s brief statement that disabling the Adaptiva client is not recommended.
Updated June 21, 2024 20:18 UTC expanded statement now with attribution from Adaptiva.
Spend More on Security!
What’s the craic? Lawrence Abrams reports: CDK Global hacked again while recovering from first cyberattack
“Not properly investigating”
CDK Global is a software-as-a-service platform that provides a full suite of applications to handle a car dealership’s operation, including sales, back office, financing, inventory, and service and support. … CDK became aware that they were breached Tuesday night, causing them to shut down their data centers, IT systems, and login systems. The attack led to a massive outage as car dealerships could not conduct … normal operations.
…
Unfortunately, as CDK was restoring its services, they were once again forced to shut down their systems after suffering another breach. … The outages are affecting some of the largest automotive dealers in the world, such as Penske.
…
CDK … says they aim to bring systems back online [today]. However, cybersecurity and IT professionals in the automotive industry … believe CDK is moving too fast, … potentially increasing the risk to its customers, [because] CDK is not properly investigating the scope of the breach before bringing servers back online.
Is this a big story? Dan Shine, Mark Hollmer, Gail Kachadourian Howe and Julie Walker run the numbers: Will last ‘likely for several days’
“Critical functionality”
CDK … dominates the market by a wide margin: [Its] dealership management system serves close to 15,000 [car] dealership locations, [but] that number jumps to 30,000 when trucks are factored in.
…
The CDK cyberattack shutdown has potentially far-reaching implications for auto retail franchises, according to a new report: … “The impact is potentially far-reaching as … some dealers [are] nearly wholly reliant upon [CDK] for critical functionality such as CRM, sales processing, inventory management, etc.” … With some dealers unable to do business or left with using pencil and paper to process sales, others can’t perform service work because they can’t locate parts, according to the report … from Seaport Research Partners.
What have CDK’s PR flaks got to say? Zack Whittaker: Ongoing outage after CDK cyberattacks
“CDK did not answer”
CDK spokesperson Lisa Finney confirmed the second incident and another shutdown: … “In partnership with third party experts, we are assessing the impact and providing regular updates to our customers. We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible.”
…
CDK did not describe the nature of the initial cyberattack. … CDK did not answer [my] specific questions, … including if it’s aware of any exfiltration of data from its systems. It’s not yet clear if the company has the ability to determine what customer data, if any, was stolen.
What’s life like at affected dealerships? NeverSummer despairs:
We are on CDK where I work. We just onboarded a few months ago. When we were onboarding, we were told that CDK had never been hacked etc., etc. — and then this.
…
We can fall back on our old DMS, which is what we have done. [But] other dealers around me are having major issues. CDK does everything from payroll to service tickets to parts and vehicle inventory and much much more.
…
We are being told to expect CDK down for a few more days. Which I read as a few more weeks.
Sounds awful. But darkain gives zero ****s:
Cars literally sold for a century before this cloud nonsense brought an entire industry to its knees. Wanna know what cars are available to sell? Look out the ****ing window.
What can be done in the meantime? u/codebooker has this suggestion:
CDK Drive updates rely on software called CDK SIA and another piece of software called Adaptiva which is installed on every computer that uses CDK Drive. If SIA or Adaptiva gets breached or has gotten breached they could remotely install malware on every computer. … It would not be a bad idea to shut down your computers if you have CDK Drive on them … out of an abundance of caution.
[Adaptiva’s CEO, Deepak Kumar, says: “Adaptiva’s products … are not involved in this breach. We do not recommend disabling the Adaptiva client at dealerships, since this functionality may be necessary in the future to expedite the recovery process and bring dealerships back online.” I’ve therefore added a strikethrough for transparency—rj.]
How long before some personal data leaks? flerchin pictures the scene:
Imagine the details of every car sale in the US dumped. It would be a goldmine of useful information for everyone—except the car dealers.
What do we know about CDK Global? Two words: Private equity, according to Ickyban:
CDK was acquired by private equity a little while back and I’m guessing they cut costs as much as possible, including cybersecurity. Idiots in suits.
Less guesswork; more insider info, please. A slightly sweary u/thebigdonkey claims to be a “Former CDK employee:”
After [the CEO] got fired from CDK the first time, he didn’t just take his eight figure golden parachute and retire. He went to work as an advisor for a private equity firm with the apparent sole purpose of advising them on how to acquire and milk CDK for cash. He is an ******* of the highest order.
…
I left right before the private equity buyout but I still know people on the inside. … I cannot emphasize enough how much of a ****** organization it is. [The CEO] and his PE bosses are in full cashflow extraction mode. I can’t see Drive ever getting any improvements going forward. They’ll do enough to keep it mostly functional and that’s it.
Meanwhile, you can’t say Frodo Douchebaggins didn’t warn you:
This is a poem,
With a recommendation that’s graphic.
To improve the Earth,
Push private equity people into traffic.
And Finally:
R.I.P., Donald Sutherland—every time it rains, you’re here in our heads
Sadly, this “AI remastering” is the usual bizarre waxy mess if you look too close. I think this promo was originally shot on 16mm, so couldn’t they TC it in HD? Although they’d need to recreate some of the dodgy mid-80s SFX. What say you, FishPeople people?
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij or @richi.bsky.social. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: TopSphere Media (via Unsplash; leveled and cropped)