CDK Global cyberattack still crippling car dealers
Summary
TLDR: Following a major cyberattack on CDK Global, a software provider for car dealerships, many businesses are still struggling to operate fully, reverting to manual processes. The ransomware attack on June 19th has led to an estimated financial loss of at least $944 million due to business interruptions. Experts suggest that recovering from such intrusions can take weeks to months, emphasizing the need for businesses to focus on multifactor authentication, system patching, and proactive defense measures to harden against future attacks.
Takeaways
- A major cyberattack on CDK Global, a company providing software for car dealerships, has caused significant operational disruptions.
- Recovery from the ransomware attack is expected to take weeks to months, which is common for enterprise-wide intrusions.
- The process involves ensuring the threat actor no longer has access, investigating the breach, and recovering systems.
- Hardening the environment to prevent re-hack is as important as recovery, emphasizing the need for robust security measures.
- The estimated financial loss from the outage could be at least $944 million due to business interruptions over the first three weeks.
- Extortion operations targeting organizations in the United States are frequent, with ransomware a common method to demand payments.
- There has been an increase in targeted attacks against healthcare organizations, indicating a shift in threat actor focus.
- Multifactor authentication is crucial for defending networks against unauthorized access.
- Regular patching of systems and software is critical to maintaining security and preventing intrusions.
- Engaging ethical hackers to test network defenses before threat actors can exploit vulnerabilities is recommended.
- Businesses should assume a level of intrusion and build defensive controls to minimize the impact of an attack on operations.
Q & A
What major event occurred nearly two weeks prior to the script's recording?
-A major cyberattack on a company that provides software for car dealerships took place.
Which company was affected by the cyberattack?
-CDK Global was the company affected by the ransomware attack.
What systems does CDK Global provide for car dealerships?
-CDK Global provides systems to help run operations, manage inventory, and handle customer relations.
Why have some car dealerships had to revert to using paper and pen?
-Due to the cyberattack on CDK Global, many car dealerships are not fully functioning and had to revert to manual processes.
What was the expected date for the systems to be back to normal operations?
-The systems were expected to be back by July 4th.
What is the estimated financial loss from the outage over the first three weeks?
-The estimated financial loss from the outage is at least $944 million due to business interruptions.
Why does it take several weeks to recover from an enterprise-wide intrusion?
-It takes time to ensure the threat actor no longer has access, perform investigative work, recover systems, and harden the environment to prevent re-intrusion.
What is the common pattern in extortion operations against organizations in the United States?
-Extortion operations often involve the deployment of ransomware and the demand for extortion payments from threat actors.
Which sectors have been targeted by threat actors in recent attacks?
-Sectors such as healthcare, supply chain organizations, and banking have been targeted.
What is the role of Charles Carmichael in the context of this discussion?
-Charles Carmichael is a consultant from the organization of Google Cloud, discussing the cyberattack and recovery process.
What are some fundamental measures businesses can take to harden their targets against cyber threats?
-Businesses should focus on multifactor authentication, engaging ethical hackers to test defenses, patching systems and software, and building defensive controls and visibility across the environment.
Are there certain types of businesses that are more likely to be targeted by threat actors?
-Threat actors are opportunistic and target any organization capable of paying multimillion-dollar demands, but there has been a noticeable increase in targeted attacks against healthcare organizations.
Outlines
Impact of Cyberattack on Car Dealerships
A major cyberattack on CDK Global, a software provider for car dealerships, has left many businesses partially non-functional for nearly two weeks. Dealerships rely on CDK Global for operational systems, inventory, and customer relations. Following the ransomware attack on June 19th, some dealerships have had to revert to manual processes with paper and pen. The company anticipates being back online by July 4th and estimates financial losses from the outage to be at least $944 million due to business interruptions over the first three weeks. Charles Carmichael, from Google Cloud, discusses the commonality of such extended recovery times for enterprise-wide intrusions, the investigative work required to ensure the threat actor no longer has access, and the process of hardening the environment to prevent re-hacking.
Keywords
Cyberattack
CDK Global
Ransomware
Business Interruption
Recovery Time
Threat Actor
Hardening
Extortion
Multifactor Authentication
Patch
Healthcare Organizations
Highlights
A major cyberattack on a company that provides software for car dealerships has left many not fully functioning nearly two weeks after the incident.
The affected company, CDK Global, provides systems for operations, inventory, and customer relations to car dealerships.
Since the ransomware attack on June 19th, some car dealers have had to revert to using paper and pen due to system outages.
CDK Global expects to be back to full functionality by July 4th.
The estimated financial losses from the outage could be at least $944 million due to business interruptions over the first three weeks.
Charles Carmichael from Google Cloud Consulting discusses the challenges of recovering from enterprise-wide intrusions.
Recovery from such cyberattacks can take several weeks to a few months.
Ensuring that the threat actor no longer has access to the environment is a crucial part of the recovery process.
Investigative work is needed to understand how the intrusion occurred and to ensure the threat actor does not retain access.
Systems and environments must be recovered to continue business operations, which can take weeks.
Hardening the environment to prevent re-hacking is a critical final step in the recovery process.
Extortion operations are common against US organizations, with many involving ransomware and extortion demands.
Attacks have targeted healthcare, supply chain, banking, and other sectors, with threat actors seeking multimillion-dollar demands.
The increasing sophistication of threat actors is a continuous challenge, but defensive measures are also improving.
Law enforcement actions may help decrease the number of intrusions over time.
Businesses should focus on fundamentals like multifactor authentication, engaging ethical hackers, patching systems, and building defensive controls.
Any organization can be a target for extortion, but healthcare has seen more targeted attacks recently.
Transcripts
>>> NEARLY TWO WEEKS AFTER A
MAJOR CYBERATTACK ON A COMPANY
THAT PROVIDES SOFTWARE FOR CAR
DEALERSHIPS.
MANY ARE NOT FULLY FUNCTIONING.
THE COMPANIES RELY ON CDK
GLOBAL FOR SYSTEMS TO HELP RUN
THEIR OPERATIONS AND FOR
INVENTORY AND CUSTOMER
RELATIONS.
BUT, SINCE THE RANSOMWARE
ATTACK ON JUNE 19th, SOME CAR
DEALERS HAD TO REVERT BACK TO
THE OLD FASHIONED WAY, WITH
PAPER AND PEN.
THEY EXPECT THEM TO BE BACK BY
JULY 4th.
THEY ESTIMATE THAT FINANCIAL
LOSSES FROM THE OUTAGE COULD BE
AT LEAST $944 MILLION.
AS A RESULT OF BUSINESS
INTERRUPTIONS OVER THE FIRST
THREE WEEKS.
CHARLES CARMICHAEL JOINS ME
NOW, CONSULTING THE
ORGANIZATION OF GOOGLE CLOUD.
THANK YOU FOR JOINING US.
SO, THE OUTAGE, THE CDK
CYBEROUTAGE IS STRETCHING INTO
THE THIRD WEEK.
WHY IS IT TAKING SO LONG TO GET
THINGS BACK UP AND RUNNING?
>> IT IS INCREDIBLY COMMON FOR
ORGANIZATIONS THAT DEAL WITH
ENTERPRISE WIDE INTRUSIONS FOR
SEVERAL WEEKS, PERHAPS A MONTH
OR A FEW MONTHS TO REALLY
RECOVER THEIR BUSINESS
OPERATIONS.
WHAT THEY ARE DEALING WITH
RIGHT NOW IS NOT AT ALL
UNCOMMON.
>> WHAT TAKES SO LONG?
CLOSING THE DOOR?
>> Reporter: IT IS A
COMBINATION OF A FEW THINGS.
YOU HAVE TO ENSURE THAT THE
THREAT ACTOR NO LONGER HAS
ACCESS TO THE ENVIRONMENT.
TREMENDOUS AMOUNT OF
INVESTIGATIVE WORK TO BE
PERFORMED TO FIGURE OUT HOW
THEY GOT INTO THE ENVIRONMENT
AND DO THEY STILL HAVE ACCESS.
THE SECOND THING, ORGANIZATIONS
NEED TO DO, THEY NEED TO START
TO RECOVER THEIR SYSTEMS AND
THEIR ENVIRONMENT SO THEY CAN
CONTINUE TO RUN BUSINESS
OPERATIONS.
THAT USUALLY TAKES A FEW WEEKS
TO DO THAT.
AND FINALLY, THEY NEED TO MAKE
SURE THE ENVIRONMENT IS
HARDENED ENOUGH SO THEY CAN NOT
GET EASILY REHACKED BY THE
THREAT ACTOR OR OTHERS THAT
MIGHT BE INTERESTED IN
DISRUPTING BUSINESS OPERATIONS
AND ASKING FOR AN EXTORTION
PAYMENT.
>> ARE THERE ANY PATTERNS YOU
ARE SEEING IN CASES LIKE THIS
THAT IT FITS INTO OR IS A NEW
ANIMAL?
>> Reporter: WE SEE EXTORTION
OPERATIONS CONDUCTED AGAINST
ORGANIZATIONS OF THE UNITED
STATES ALL OF THE TIME.
MEDIA RESPONDS TO THOUSANDS.
MANY OF THEM RELATE TO
DEPLOYMENT OF RANSOMWARE AND
ASK OF AN EXTORTION DEMAND FROM
THREAT ACTORS AGAINST VICTIM
ORGANIZATIONS.
WE HAVE SEEN ATTACKS TOWARDS
HEALTH CARE, NUMBER OF SUPPLY
CHAIN ORGANIZATIONS, BANKING,
ET CETERA.
THREAT ACTORS ARE LOOKING FOR
WAYS TO GET PAID MULTIMILLION
DEMANDS BY CONDUCTING THESE
TYPES OF INTRUSION OPERATIONS.
>> AND, IS IT BECAUSE THE
HACKERS ARE GETTING BETTER AT
HACKING OR SYSTEMS GETTING
WEAKER?
OR ARE WE NOT GOOD -- ONE CASE
SOMEONE DID NOT HAVE TWO FACTOR
AUTHENTICATION THAT IS
LAZINESS.
>> Reporter: A LOT OF
OPPORTUNITIES FOR THREAT ACTORS
TO BREAK IN.
IT IS DIFFICULT FOR
ORGANIZATIONS TO CONTINUOUSLY
DEFEND AGAINST THREAT ACTORS.
A PROBLEM WE WILL CONTINUE TO
SEE AND THREAT ACTORS ARE
ABSOLUTELY GETTING BETTER BUT
THE GOOD NEWS IS WE ARE ALSO
GETTING BETTER FROM DEFENSIVE
PERSPECTIVE.
I HOPE THAT OVER TIME AS WE SEE
MORE ACTIONS BY LAW ENFORCEMENT
THAT THE AMOUNT OF INTRUSIONS
WILL START TO DECREASE A BIT
OVER TIME.
>> WHAT CAN BUSINESSES DO TO
HARDEN THEIR TARGETS AS IT
WERE?
>> Reporter: FOCUS ON THE
FUNDAMENTALS, MULTIFACTOR IS
IMPORTANT FOR DEFENDING
NETWORKS.
ENGAGE THE GOOD FOLKS TO BREAK
INTO THE NETWORK BEFORE THREAT
ACTORS HAVE THE ABILITY TO DO
THAT.
PATCH SYSTEMS, PATCH SOFTWARE.
IT IS REALLY CRITICAL AND
IMPORTANT.
AND, ASSUME THAT ORGANIZATIONS
MAY HAVE A LEVEL OF INTRUSION
AGAINST THE ORGANIZATION OR
AGAINST SYSTEMS AND TRY TO
BUILD SOME DEFENSIVE CONTROLS
AND VISIBILITY ACROSS THE
ENVIRONMENT TO STOP AN ATTACK
FROM BEING DISRUPTIVE TO AN
ORGANIZATION.
>> IS THERE AN ORGANIZATION IF
I AM IN A CERTAIN BUSINESS
SHOULD I BE MORE CONCERNED THAN
ANOTHER?
IF SO, WHAT KINDS OF BUSINESSES
ARE RIPE FOR TARGETS?
>> SO, FROM AN EXTORTION.
ANY ORGANIZATION THAT SEVERAL
HUNDREDS OF MILLIONS,
ULTIMATELY THESE THREAT ACTORS
ARE LOOKING TO CREATE ENOUGH
BUSINESS DISRUPTION AND COERCE
VICTIMS INTO PAYING USUALLY
SEVEN OR EIGHT FIGURE DEMANDS.
SO, REALLY THEY ARE
OPPORTUNISTIC.
HOWEVER, WE HAVE SEEN MUCH MORE
TARGETED ATTACKS AGAINST HEALTH
CARE ORGANIZATIONS OVER THE
PAST SEVERAL MONTHS BECAUSE IT