
Ransomware Attack and Software Glitches Reveal Fragility in U.S. Car Dealerships and Global Systems

 

A surprising situation unfolded this summer when buying a car in the U.S. became nearly impossible. In June, a ransomware attack targeted CDK Global, a Chicago-based software company with a market value of about $6.4 billion, halting operations at thousands of dealerships for almost three weeks. Approximately half of the U.S. auto industry depends on CDK Global’s software for daily operations.

Shortly after, a malfunctioning software update from cybersecurity firm CrowdStrike caused disruptions worldwide, affecting millions of computers running Microsoft Windows. This glitch impacted critical infrastructure, including airports, banks, hospitals, and government services.

Cybersecurity experts are now concerned as these events signal a more unstable future. The consolidation of software providers and lack of competition in industries offering essential services create risks. A single software failure could bring entire industries to a standstill, and experts warn the next incident could be even worse.

Previously, cyberattacks and outages were either brief or focused on individual targets. However, the incidents at CDK Global and CrowdStrike were different. Rory Mir, associate director of the Electronic Frontier Foundation, emphasized that these events highlight the severe risks linked to reliance on a single software provider, affecting not just individuals but entire industries.

The financial toll from these outages has been significant. The CDK Global attack cost nearly 15,000 car dealerships in the U.S. an estimated $1 billion and led to around 56,200 lost car sales over three weeks, according to Anderson Economic Group. The CrowdStrike incident is believed to have caused even greater economic damage, with some estimates putting the loss in the tens of billions of dollars globally.

As a result, the cyber insurance industry now faces increasingly complex risks. Insurance premiums are likely to rise as insurers struggle to assess the unpredictable nature of future cyber threats. Dr. Keri Pearlson of MIT Sloan School of Management remarked that insurers are grappling with pricing models because they cannot foresee the likelihood or nature of the next major cyber incident.

The CrowdStrike failure demonstrated how a single software issue could affect various industries. The CDK Global attack, on the other hand, underscored how entire sectors—such as car dealerships—can be heavily dependent on a few dominant software providers. This situation is not unique to the automotive industry; the banking and airline sectors also rely on a handful of key software vendors, creating potential choke points for disruption.

For instance, in the banking industry, three payment processors—FIS, Fiserv, and Jack Henry—control approximately 70% of the market. In the airline industry, three major booking platforms—Travelport, Amadeus, and Sabre—dominate the market. These consolidations create vulnerabilities, much like the Suez Canal blockage that paralyzed global shipping for days, according to Brad Hibbert of Prevalent.

Healthcare, long a prime target for cyberattacks, faces even greater risks. Dominant software providers such as Epic Systems and Oracle-owned Cerner control the U.S. digital medical records market, making healthcare IT a weak link in the chain, says Andrew Southall of SkySiege.

To address these vulnerabilities, experts recommend diversifying critical systems and adopting multi-vendor strategies. John Price of SubRosa suggests that businesses should explore redundancy and backup solutions across multiple vendors to minimize the impact of potential outages.

However, diversifying is easier said than done. Federal Trade Commissioner Lina Khan’s antitrust efforts have focused on Big Tech, but niche software providers have largely escaped scrutiny, contributing to the growing risk of market concentration.

As Rory Mir notes, limited choices in software markets may harm consumers and businesses by allowing monopolies to lower security standards. In cybersecurity, this consolidation creates a “digital monoculture,” leaving fewer targets but higher stakes for malicious actors.

CDK Global’s dominance in the auto industry exemplifies the dangers of unchecked market power. The company faced an antitrust case by industry disruptor Authenticom, which accused CDK and Reynolds and Reynolds of forming a cartel. The case ultimately ended with a settlement, but the issue underscores the risks posed by monopolies in the digital age.

Cyberattack by BlackSuit Targets Kadokawa and CDK Global

In early June, Kadokawa's video-sharing platform Niconico experienced a server outage, which has now been claimed by the Russia-linked hacker group BlackSuit. This group, a rebrand of the Royal ransomware operation and linked to the defunct Conti cybercrime syndicate, has issued a threat on the dark web to release 1.5 terabytes of sensitive data, including signed documents, contracts, legal statements, and emails, unless a ransom is paid by July 1, 2024. 

Details of the Attack on Kadokawa: 

Kadokawa first acknowledged the cyberattack in early June, which disrupted multiple websites and services. Despite efforts by Kadokawa's IT department, BlackSuit reportedly managed to steal 1.5 terabytes of sensitive data, including business plans, user data, contracts, and financial records. The hackers exploited vulnerabilities in Kadokawa’s network, gaining access to a control center that allowed them to encrypt the entire network, affecting subsidiaries like Dwango and Niconico. Kadokawa has assured customers that no credit card information was compromised, as it was not stored on its systems.

The company is prioritizing the restoration of accounting functions and normalizing manufacturing and distribution in its publication business, with expected results by early July. Although the production of new publications remains steady, the shipment of existing publications is currently at one-third of normal levels. Kadokawa is implementing alternative arrangements, including increasing human resources, to mitigate the impact. 

In the Web Services business, all Niconico family services are still suspended, but provisional services like Niconico Video (Re: tmp) and Niconico Live Streaming (Re: tmp) have been provided. Existing services such as Niconico Manga smartphone version and NicoFT have resumed. The Merchandise business has seen limited impact, with shipping functions operating normally. However, the failure of Kadokawa’s account authentication function has prevented users from logging into certain online shops. Temporary pages have been created for affected users, and Kadokawa will keep providing updates regarding this issue. 

Impact on CDK Global: 

BlackSuit is also believed to be behind ongoing outages at CDK Global, a software provider for approximately 15,000 North American car dealerships. Several major U.S. auto dealers, including AutoNation, Group 1 Automotive, Penske Automotive Group, Sonic Automotive, and Lithia Motors, have reported disruptions in their services due to the cyberattack. As a result, many dealerships have had to revert to pen and paper for managing auto repairs, closing new car sales, and conducting other business. 

CDK attempted to restore its systems but was hit with a second cyberattack, forcing it to shut down all systems again. The company has yet to acknowledge that the attack is a result of ransomware, but an incident like this could take weeks to recover from. Even after operations return to normal, CDK will have to investigate what data was stolen, how the attack happened, and the impact on its customers.

Allan Liska, a ransomware analyst at Recorded Future, mentioned that the CDK attack has been attributed to BlackSuit in hacker forums and private chat channels. Malicious cybercriminal gangs are known to boast about their schemes on these platforms. While CDK is not yet listed on BlackSuit's dark web site, indicating ongoing negotiations, Bloomberg reported that the hackers are asking for a ransom in the tens of millions of dollars.

Ransomware Strikes Auto Dealerships: The CDK Global Incident


The Attack

The automotive industry has faced an unprecedented challenge: a cyberattack targeting CDK Global, a major software provider for auto dealerships. This incident has sent shockwaves through the industry, affecting dealerships across the United States. In this blog post, we’ll delve into the details of the attack, its consequences, and the lessons we can learn from it.

What Happened?

CDK Global, a company that provides software solutions to auto dealers, fell victim to a ransomware attack. The attack was orchestrated by a group known as BlackSuit, which demanded a hefty ransom from CDK. As a precautionary measure, CDK temporarily shut down most of its systems to prevent further damage and protect its customers.

Impact on U.S. Car Dealers

Several major auto dealership groups reported disruptions:

Lithia Motors: Lithia Motors, one of the largest dealership networks in the U.S., faced operational challenges due to the CDK cyberattack. Their day-to-day processes, including inventory management and customer interactions, were affected.

Group 1 Automotive: Group 1 Automotive, another prominent player in the industry, experienced delays in vehicle sales and service. The attack disrupted their ability to process transactions efficiently.

Penske Automotive Group: Penske, a well-known name in auto retail, struggled with system outages. Their sales teams couldn’t access critical information, impacting customer service.

Sonic Automotive: Sonic Automotive’s dealerships grappled with inventory discrepancies. The attack disrupted their supply chain management, leading to delays in vehicle deliveries.

Asbury Automotive Group: Asbury Automotive Group faced challenges in communicating with customers. Their CRM systems were offline, affecting follow-ups and lead management.

AutoNation: AutoNation, a nationwide dealership network, had to adapt quickly. The attack disrupted their online sales platforms, affecting customer inquiries and transactions.

How to Stay Safe?

1. Cybersecurity Preparedness

The CDK incident underscores the importance of robust cybersecurity measures. Dealerships must invest in secure infrastructure, regular vulnerability assessments, and employee training. Cyber hygiene is crucial to prevent and mitigate attacks.

2. Incident Response Plans

Having a well-defined incident response plan is essential. Dealerships should know how to react swiftly when faced with a cyber threat. Regular drills and simulations can help teams prepare for such scenarios.

3. Vendor Risk Management

Dealerships rely on third-party vendors like CDK for critical services. Assessing vendor security practices and ensuring contractual obligations related to cybersecurity are met is vital. Regular audits can help identify vulnerabilities.