iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
As many as 15,000 car dealerships across the US have been prevented from conducting business after a cyber attack crippled software provider CDK Global.
The company provides software for car dealership operations, such as CRM, payroll, support and service, inventory, financing, sales and more. General Motors dealerships and Group 1 Automotive are just two of its customers.
CDK Global announced on Wednesday (19 June) that it had detected a cyber attack on its systems.
“We are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems,” CDK spokesperson Lisa Finney said in a statement seen by media.
“We are currently assessing the overall impact and currently have no ETA.”
“We are continuing to conduct extensive tests on all other applications, and we will provide updates as we bring those applications back online.”
Later on Wednesday, CDK’s core document management and digital retail systems were restored.
While the exact number of dealerships affected by the incident was mentioned, CDK said it services almost 15,000 car dealerships with its software-as-a-service (SaaS) platform.
According to media reports, employees have raised concerns regarding the potential for threat actors to gain control of car dealerships’ internal networks.
CDK Global’s software requires car dealerships to configure an always-on VPN for its data centres so the platform can be accessed by locally installed applications. According to BleepingComputer, the platform has administrative privileges used to update the software, which could be leveraged to control the network.
CDK has advised that its customers disable the VPN for the time being.
At the time of writing, Cyber Daily has not been able to identify the threat actor behind the attack.
Be the first to hear the latest developments in the cyber industry.
