Cyberattack on CDK Global disrupts car sales in North America

Data technology company CDK Global Inc., a major provider of software to auto dealers in North America, has been hit by a cyberattack that has forced the company to take its systems offline and prevented customers from processing regular business transactions.

The attack occurred today, June 19, with systems going offline around 2 a.m. Eastern Time. The company has yet to make an official statement on the attack, although a spokesperson provided some comments to the media.

A spokesperson told Bloomberg via email that the company has “disabled all systems, conducted extensive testing and consulted with external experts.” The same report notes that the company’s core dealer management system and digital retail solutions have since been restored and that CDK is also testing other applications before bringing them back online.

Founded in 2014, CDK provides data and technology solutions for the automotive, heavy truck, recreational and heavy equipment industries. The company’s software is deployed at more than 15,000 dealer locations in North America, and the company employs more than 6,500 people.

BleepingComputer spoke to Brad Holton, the CEO of Proton Dealership IT, a cybersecurity and IT services company for car dealers, who said the attack caused CDK to take two data centers offline. Holton noted that CDK has advised users to also disconnect from the data centers, as they are used to deploy updates.

The disruption caused by the outage appears to be widespread, with CNN reporting that a software glitch has caused problems at car yards in the US and Canada during what is apparently being called ‘car buying season’. Due to the outage, car dealers are said to have resorted to manually writing orders and postponing other purchases that were already in the system.

While details of the outage are scarce, thanks to CDK’s apparent reluctance to share details, the ransomware duck test comes into play. If it sounds like ransomware, it probably is. That CDK’s initial response to the ‘cyber attack’ was to take data centers offline would indicate that it was an attempt to prevent the attack from spreading laterally across the network, which is typically seen in a ransomware attack.

Image: CDK Global
