When you experience a breach, time is crucial. Our 24/7 Security Operations Center responds immediately with precision to eliminate the threat and restore operations.
ShadowSpear® is an unparalleled resource that defends your organizations against advanced cyber threats and attacks 24/7/365.
Your organization has cybersecurity weaknesses and vulnerabilities you don’t yet even know about. They need to be found and found immediately. If you don’t someone else will.
A global car dealership SaaS (Software as a Service) Provider, CDK Global, was hit with a cyberattack affecting dealership operations, including CRM (Customer Relationship Management), financing, payroll, support and service, inventory, and back-office operations. Other reports indicate an additional attack in conjunction with the first.
What we now know is that CDK Global experienced an incident on June 18 which disrupted business operations of over 15,000 dealerships in North America. While SpearTip is not directly involved with ongoing Incident Response or Recovery efforts, we have learned that CDK had restored partial services Wednesday, June 19, only to fall victim of a second attack later that evening.
There are unverified reports that a small percentage of dealerships believe the threat actors were able to directly access their systems through this breach. With this information, SpearTip recommends that dealerships take the following actions:
The CDK software running on devices has administrative privileges to update systems, which is why we are recommending disconnecting from the data centers. This level of access could allow the threat actors unrestricted access to a dealership’s systems and data.
All dealerships should be on heightened guard as the CDK breach may lead to increased threat actor actions in an already frequently targeted industry. This increased attention by threat actors may lead to business email compromise, wire fraud, account takeover, data exfiltration, and/or ransomware attacks.
Important Notice:
Dealerships should remain vigilant when contacted by anyone claiming to be a CDK agent or representative, as there have been reports of dealerships being called for information to attempt to gain access to systems. CDK has released a statement to their customers to inform them that CDK is not contacting customers directly.
Daily reporting indicates that the majority of dealerships affected by the CDK breach are not operational. CDK provides the main software allowing those businesses to function. This highlights the very real need for an Incident Response Plan, Business Continuity Plan, Disconnected Backups and regular testing of those backups.
With the recent spike in attacks against automotive dealerships, we at SpearTip are actively tracking this compromise and working with our clients to inform them of this activity, spread awareness and provide key prevention measures.
FTC Safeguards
Given dealerships are now included in the FTC Safeguards Rule for compliance, this incident may impact dealerships at a higher level than strictly operational downtime. In order to comply with the Safeguards Rule, SpearTip has developed an FTC Safeguards Assessment and services to enable your organization to be appropriately equipped to abide by the regulation.
See the eCFR (Electronic Code of Federal Regulations) here: https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314/section-314.4
The three main objectives of an information security plan are:
Reminder for reporting requirements:
Reporting should address:
While the rules and regulations may seem burdensome to businesses used to manufacturing and selling automobiles, the required cybersecurity measures are at the core of SpearTip‘s operational mission, and we’re able to assist and provide guidance on best approaches to abide by the Safeguards Rule. Our tools and services include:
For any general questions or inquiries about this incident or how we can help prevent or prepare your organization for a cyberattack, email us at info@speartip.com or call 1-800-236-6550. If you’re currently experiencing an incident, email ir@speartip.com or call 1-833-997-7327.
As this incident is ongoing, we’re actively working to update this document with any helpful information and additional findings. (Last update: June 21, 11:15 AM CST.)
Identify, neutralize, and counter cyberattacks - provide confidence in your security posture
24/7 Breach Response: US/CAN: 833.997.7327
Main Office: 800.236.6550
1714 Deer Tracks Trail, Suite 150
St. Louis, MO 63131
©2024 SpearTip, LLC. All rights reserved.