CDK, a company that provides software-as-a-service to car dealers, suffered a major cyber attack that forced it to shut down most of its systems.
As a result, the companies that used CDK’s services were unable to conduct the majority of their business and were reduced to pen and paper for the little work they were able to do.
According to a report on BleepingComputer, when CDK noticed the attack, it disconnected most systems to prevent it from spreading. Two servers were taken offline at 2 a.m. local time and remained offline for most of the day.
Disconnect from the VPN
“We are actively investigating a cyber incident,” the company told BleepingComputer. “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working hard to get everything up and running as quickly as possible.”
CDK Global offers a comprehensive suite of software solutions and services designed to help automotive dealers manage and improve their operations in a variety of areas, including dealer management systems (DMS), digital marketing, business intelligence and analytics, fixed operations solutions and cybersecurity. The company reportedly has more than 15,000 customers and serves 30,000 dealer sites worldwide.
Car dealers using CDK’s services must configure an always-on VPN to the company’s data centers, allowing locally installed applications to access data stored on the servers. The company has now advised its customers to disconnect the VPN to prevent the attack from spreading to third-party systems.
While the nature of the attack has not yet been confirmed, a company being forced to disconnect its IT infrastructure is usually the result of ransomware. Threat actors lock their victims out of their endpoints, steal sensitive data, and then demand money in exchange for the decryption key and for keeping the data private.
About fifteen hours after the incident was noticed, the company restored the services of CDK Phones, DMS and Digital Retail. Unify and DMS logins have also become available, while recovery is still ongoing for other services.