Written by Montgomery J Granger @mjgranger1
My 22-year-old son is not a chatterbox about his job, but at the dinner table, we prod and poke to give him opportunities to unwind and relieve some of the stress of working on cars eight hours a day. He works as an automotive technician at a high-quality car dealership.
“It was Armageddon.” This caught our attention. Not one to use biblical references, our son is more prone to saying “nothing much” when we ask how work was. Today was different, very different. Our minds raced with visions of collisions and explosions, but that would have been much easier to explain.
No, this ‘Armageddon’ was a cyber attack on the Dealer Management Systems (DMS) that run every aspect of a car dealership, from loans to maintenance. My son described panic and nervousness over not having answers for customers regarding parts and services. He described writer’s cramp from having to do everything “stubby pencil.”
My son said it had something to do with the email server. Everything was shut down, and there was some kind of ransomware involved.
“Do you know the name of the operating system?” I asked. He mentioned a company called CDK Global. I immediately looked it up and found a story from USA Today that confirmed the Armageddon my son had revealed.
Since then, many stories have been written about the incident, which has widespread implications for many companies and highlights the need for improved cybersecurity. They are summarized below.
CDK Global Cyberattacks: Impact on the Automotive Industry
CDK Global, a leading provider of dealership management systems (DMS) used by over half of all US dealerships, suffered two cyberattacks within a week, causing widespread disruptions to the automotive retail sector. The first attack occurred early Wednesday morning, prompting CDK to shut down all its systems to protect customer data. While limited access to some services was restored later, a second attack that night forced another shutdown.
CDK now estimates that the outage may last for several days, leaving dealerships to rely on manual processes, hindering their ability to serve customers and potentially impacting the US GDP. The company’s struggles underscore a rising trend of cyberattacks targeting automotive firms, including a recent incident at Findlay Automotive Group.
The attacks on CDK Global raise concerns about the security of sensitive customer data and the need for enhanced protection against digital threats within the industry. The incident also highlights the importance of “digital hygiene” practices at the dealership level to mitigate vulnerabilities.
Snowflake Data Breach: Lessons for Enhanced Cybersecurity
In a separate incident, cloud data provider Snowflake confirmed that a “limited number” of its customer accounts were compromised due to a targeted campaign against users with single-factor authentication. While Snowflake claims that it was not directly breached, the stolen credentials obtained through infostealer malware allowed hackers to access customer data stored on Snowflake’s platform.
Among the affected companies are Ticketmaster and Santander Bank, with cybercriminals claiming to have stolen hundreds of millions of customer records. The breach at Ticketmaster, if confirmed, would be the largest in the US this year.
Snowflake’s response has been criticized for not mandating multi-factor authentication (MFA) for its customers, a security measure that could have helped to prevent the catastrophic spread of the cyberattack. The company is now urging customers to enable MFA and has suspended certain accounts showing signs of malicious activity.
Growing Threat of Cyberattacks: Need for Stronger Cybersecurity Measures
The attacks on Snowflake customers, along with CDK Global’s ongoing issues, emphasize the growing threat of cyberattacks in the automotive and data management sectors. Both incidents highlight the need for stronger security measures and better protection of sensitive data.
A true cybersecurity solution needs to include an in-depth understanding of what is actually running on any given network, including an accurate inventory of all computing devices as well as all of the processes currently running on those devices. If there is a baseline of the established network traffic patterns, anything outside of the normal can be quickly identified and the correct course of action taken to stop the malicious behavior before it is allowed to infect the entire network.
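The baseline idea above can be sketched in Python. This is an added illustration, not code from ARKEN or any other product named in this article. It compares observed activity against a known-good inventory of devices, processes and network peers and lists the hosts that deviate. All host names, process names and addresses are constructed sample data.

```python
# Constructed baseline: devices, processes and network peers recorded
# during a known-good period (all values are hypothetical samples).
BASELINE = {
    "svc-desk-01": {"processes": {"dms_client.exe", "outlook.exe"},
                    "peers": {"10.0.0.5:443", "10.0.0.9:25"}},
    "parts-pc-02": {"processes": {"dms_client.exe"},
                    "peers": {"10.0.0.5:443"}},
}

# Constructed observations: (host, process, remote endpoint) tuples.
OBSERVED = [
    ("svc-desk-01", "dms_client.exe", "10.0.0.5:443"),
    ("svc-desk-01", "outlook.exe", "10.0.0.9:25"),
    ("svc-desk-01", "enc_tool.exe", "10.0.0.7:445"),
    ("parts-pc-02", "dms_client.exe", "203.0.113.40:8443"),
    ("unknown-laptop", "powershell.exe", "10.0.0.5:445"),
]


def find_deviations(baseline, observed):
    """Return (host, kind, detail) for everything outside the baseline."""
    findings = []

    def report(host, kind, detail):
        finding = (host, kind, detail)
        if finding not in findings:  # report each deviation once
            findings.append(finding)

    for host, process, peer in observed:
        profile = baseline.get(host)
        if profile is None:
            # Device is not in the inventory: everything it does is suspect.
            report(host, "unknown_device", host)
            continue
        if process not in profile["processes"]:
            report(host, "new_process", process)
        if peer not in profile["peers"]:
            report(host, "new_peer", peer)
    return findings


def hosts_to_isolate(findings):
    """Hosts with any deviation, in first-seen order (containment candidates)."""
    return list(dict.fromkeys(host for host, _, _ in findings))


if __name__ == "__main__":
    results = find_deviations(BASELINE, OBSERVED)
    for host, kind, detail in results:
        print(f"{host}: {kind} -> {detail}")
    print("isolate:", hosts_to_isolate(results))
```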
ARKEN: A Plug-and-Play Solution for Cybersecurity
One of the reasons why such catastrophic cyberattacks are so successful is the reliance upon Cloud infrastructure, rather than hosting servers locally within a business’s network. The lower cost of Cloud computing is a major drawing point, but it introduces a major point of vulnerability as well. What price for keeping your proprietary information secure from hackers? What price to avoid the next ransomware attack?
This trend towards more and more serious infotech attacks has caught my attention because I know of a plug-and-play solution for potentially catastrophic breaches: ARKEN.

ARKEN is a woman-owned, veteran-fueled, proudly made in the USA, and fully NIST-compliant cybersecurity product from OURweb, a division of RECON Secure Computing. Their hardware/software solutions have been successfully implemented in law enforcement agencies as well as major USPS contractors across America for several years, making the protected systems virtually impenetrable. They extend over 40 critical areas of protection to accurately identify threats and preemptively stop them dead in their tracks. ARKEN automatically establishes a complete inventory of all devices and all processes to eliminate false positives. Their scalable system is fully customizable to fit anyone’s needs, from single-source computing to large enterprise operations.
ARKEN is not Cloud-based; it is on-site. From the first installation, it sends out automated alerts and their Incident Response Protocols initiate stop-actions to reduce initial attacks to single, controllable incidents that are fully auditable and actionable to minimize even insider threats.
If users of CDK Global services had been connected to ARKEN modules, these system-wide breaches could have been minimized and the source of the attacks could have been identified as inauthentic and shut down immediately. Wiping out any ransomware and recovering from one infected-but-isolated computer is manageable. Wiping out ransomware and recovering from an entire network being infected? Not so manageable. The cost of recovering from such a massive cyberattack can be crushing, and negotiating with hackers can be fraught with hazards as well.
The Need for Local Isolated Backups
Last key point: if CDK had enabled local isolated backups instead of relying on an already-infected Cloud-based service, each dealership could have rapidly recovered and regained operational status once those clean backups had been reapplied.