CDK Cyberattack Traced to BlackSuit Hackers: U.S. Auto Industry Under Siege

BlackSuit hackers disrupt U.S. auto dealerships via CDK, highlighting cybersecurity gaps in industry operations.

 


Cybercriminals have disrupted operations at auto dealerships all over the U.S. by breaking into the back ends of their software suppliers. It is the latest in a wide-ranging series of hacks that target big companies by breaching the back-end companies that serve them. Dealers commonly use the affected software system to process sales and other operations, such as purchase orders. Reports in local media indicate that many dealers have started processing transactions manually as a result of the hack, which occurred last week.

CDK Global, which provides software to roughly 15,000 car dealerships in North America, says it anticipates that all 14 dealerships will be up and running by late Wednesday evening or early Thursday morning. CDK's software was compromised by two cyberattacks that forced the company to take its systems down for days, delaying service scheduling, repairs, parts deliveries, and car purchases at dealerships in both the United States and Canada.

The Illinois-based company notified customers on June 24 that the disruptions might last until the end of the month, signalling that they could persist for a while. Since CDK discovered the breach and shut down its systems on June 19, chaos has engulfed dealerships around the country. CDK's core product is a suite of software tools called a dealership management system, which underpins almost every aspect of a dealership's day-to-day operations.

The shutdown affected an industry that recorded $1.2 trillion in U.S. sales last year and disrupted necessary repairs. Sales are also expected to suffer just before the end of the quarter. Much is unknown about BlackSuit, the group the attack has been traced to, but it appears to have emerged in May 2023. Analysts believe it is a relatively new cybercrime team that spun off from RoyalLocker, an older, well-established hacker group with Russian ties.

A formidable hacking gang that originated from the Conti gang, RoyalLocker mostly targeted American companies over the years, with attacks that were sophisticated compared with those of other prolific groups. Based on data gathered by analysts, Royal was thought to rank third among the most persistent ransomware groups, behind LockBit and ALPHV. The company's aggressiveness compared to the other three is not as high as BlackSuit's. Kimberly Goody, the head of cybersecurity analysis at Mandiant Intelligence, has said that the number of victims listed on the group's site indicates that it does not have as many hacking partners as larger ransomware gangs do.

The cyberattack on CDK Global that has paralyzed car sales across the U.S. is believed to have been carried out by hackers called BlackSuit, according to Allan Liska, a threat analyst at Recorded Future Inc. Bloomberg News previously reported that the gang had demanded tens of millions of dollars in ransom to end the disruptions and that CDK was committed to making the payment. In recent decades, significant consolidation within the sector has left a small number of companies providing 'dealership management systems' for auto sellers.

The recent cyberattack on U.S. car dealerships, facilitated through CDK's services, underscores the increasing vulnerability of thousands of retail outlets. These dealerships rely heavily on CDK for essential operations such as financing, insurance management, and vehicle and parts inventory, as well as sales and repair processes. According to a 2023 report by CDK, cybercriminal activity targeting car dealerships is on the rise, with 17% of 175 surveyed dealers reporting incidents within the past year, a notable increase from the previous year's 15%. Of those affected, 46% cited significant financial or operational setbacks due to cyberattacks.

Dealerships have become prime targets due to the substantial volumes of sensitive customer data they store. From credit applications to financial records, these establishments possess a wealth of valuable information coveted by hackers, as highlighted in a 2023 article by Zurich North America. The group known as BlackSuit has emerged as a prominent threat, employing tactics such as "double extortion," where stolen data is used to coerce victims into paying a ransom. 

According to Mandiant's findings, BlackSuit operates an infrastructure supporting affiliated cybercriminal groups, aiding extortion activities, and exerting pressure on victims through various means, including website disruptions. As the frequency and sophistication of cyber threats continue to escalate, the vulnerability of car dealerships to such attacks underscores the urgent need for enhanced cybersecurity measures across the automotive industry. Efforts to safeguard sensitive customer information and maintain operational continuity are paramount in mitigating the impact of cyber incidents on these critical businesses.