Cyberattack by BlackSuit Targets Kadokawa and CDK Global

In early June, Kadokawa's video-sharing platform Niconico experienced a server outage, for which the Russia-linked hacker group BlackSuit has now claimed responsibility. This group, a rebrand of the Royal ransomware operation and linked to the defunct Conti cybercrime syndicate, has issued a threat on the dark web to release 1.5 terabytes of sensitive data, including signed documents, contracts, legal statements, and emails, unless a ransom is paid by July 1, 2024.

Details of the Attack on Kadokawa: 

In early June, Kadokawa first acknowledged the cyberattack, which disrupted multiple websites and services. Despite efforts by Kadokawa's IT department, BlackSuit reportedly managed to steal 1.5 terabytes of sensitive data, including business plans, user data, contracts, and financial records. The hackers exploited vulnerabilities in Kadokawa’s network, gaining access to a control center that allowed them to encrypt the entire network, affecting subsidiaries like Dwango and Niconico. Kadokawa has assured customers that no credit card information was compromised, as it was not stored on its systems.

The company is prioritizing the restoration of accounting functions and normalizing manufacturing and distribution in its publication business, with expected results by early July. Although the production of new publications remains steady, the shipment of existing publications is currently at one-third of normal levels. Kadokawa is implementing alternative arrangements, including increasing human resources, to mitigate the impact. 

In the Web Services business, all Niconico family services are still suspended, but provisional services like Niconico Video (Re: tmp) and Niconico Live Streaming (Re: tmp) have been provided. Existing services such as Niconico Manga smartphone version and NicoFT have resumed. The Merchandise business has seen limited impact, with shipping functions operating normally. However, the failure of Kadokawa’s account authentication function has prevented users from logging into certain online shops. Temporary pages have been created for affected users, and Kadokawa will keep providing updates regarding this issue. 

Impact on CDK Global: 

BlackSuit is also believed to be behind ongoing outages at CDK Global, a software provider for approximately 15,000 North American car dealerships. Several major U.S. auto dealers, including AutoNation, Group 1 Automotive, Penske Automotive Group, Sonic Automotive, and Lithia Motors, have reported disruptions in their services due to the cyberattack. As a result, many dealerships have had to revert to pen and paper for managing auto repairs, closing new car sales, and conducting other business. 

CDK attempted to restore its systems but was hit with a second cyberattack, causing it to shut down all systems again. The company has yet to acknowledge that the attack is a result of ransomware, but an incident like this could take weeks to recover from. Even after operations return to normal, CDK will have to investigate what data was stolen, how the attack happened, and the impact on its customers.

Allan Liska, a ransomware analyst at Recorded Future, mentioned that the CDK attack has been attributed to BlackSuit in hacker forums and private chat channels. Cybercriminal gangs are known to boast about their schemes on these platforms. While CDK is not yet listed on BlackSuit's dark web site, indicating ongoing negotiations, Bloomberg reported that the hackers are asking for a ransom in the tens of millions of dollars.

Ransomware Strikes Auto Dealerships: The CDK Global Incident

The Attack

The automotive industry has faced an unprecedented challenge: a cyberattack targeting CDK Global, a major software provider for auto dealerships. This incident has sent shockwaves through the industry, affecting dealerships across the United States. In this blog post, we’ll delve into the details of the attack, its consequences, and the lessons we can learn from it.

What Happened?

CDK Global, a company that provides software solutions to auto dealers, fell victim to a ransomware attack. The attack was orchestrated by a group known as BlackSuit, which demanded a hefty ransom from CDK. As a precautionary measure, CDK temporarily shut down most of its systems to prevent further damage and protect its customers.

Impact on U.S. Car Dealers

Several major auto dealership groups reported disruptions:

Lithia Motors: Lithia Motors, one of the largest dealership networks in the U.S., faced operational challenges due to the CDK cyberattack. Their day-to-day processes, including inventory management and customer interactions, were affected.

Group 1 Automotive: Group 1 Automotive, another prominent player in the industry, experienced delays in vehicle sales and service. The attack disrupted their ability to process transactions efficiently.

Penske Automotive Group: Penske, a well-known name in auto retail, struggled with system outages. Their sales teams couldn’t access critical information, impacting customer service.

Sonic Automotive: Sonic Automotive’s dealerships grappled with inventory discrepancies. The attack disrupted their supply chain management, leading to delays in vehicle deliveries.

Asbury Automotive Group: Asbury Automotive Group faced challenges in communicating with customers. Their CRM systems were offline, affecting follow-ups and lead management.

AutoNation: AutoNation, a nationwide dealership network, had to adapt quickly. The attack disrupted their online sales platforms, affecting customer inquiries and transactions.

How to Stay Safe?

1. Cybersecurity Preparedness

The CDK incident underscores the importance of robust cybersecurity measures. Dealerships must invest in secure infrastructure, regular vulnerability assessments, and employee training. Cyber hygiene is crucial to prevent and mitigate attacks.

2. Incident Response Plans

Having a well-defined incident response plan is essential. Dealerships should know how to react swiftly when faced with a cyber threat. Regular drills and simulations can help teams prepare for such scenarios.

3. Vendor Risk Management

Dealerships rely on third-party vendors like CDK for critical services. Assessing vendor security practices and ensuring contractual obligations related to cybersecurity are met is vital. Regular audits can help identify vulnerabilities.