top of page
Writer's pictureRich Washburn

Cyberattack on Software Company Disrupts Thousands of Car Dealerships


Cyberattack on Software Company

In a recent surge of cyberattacks, a significant incident has disrupted business at thousands of car dealerships across the United States. The attack targeted CDK Global, a key software provider for automotive dealerships, creating widespread operational chaos. This event highlights the growing threat of ransomware attacks on critical business infrastructure, underscoring the urgent need for robust cybersecurity measures.


The attack on CDK Global began last week, with an initial breach quickly followed by a second, compounding the disruption. This pattern of consecutive attacks during recovery efforts is, unfortunately, not uncommon. Cybercriminals often exploit the chaos of initial recovery to launch additional attacks, making it difficult for companies to regain control of their networks.


The immediate focus for CDK Global is containment—removing ransomware operators from their network and restoring secure operations to support their clients. The problematic trend of ransomware payments has been noted, with the U.S. being disproportionately affected due to its higher tendency to pay ransoms. This cycle of payment and reward fuels further attacks, placing U.S. businesses in a vulnerable position.


A deeper analysis reveals a geopolitical dimension to these attacks, particularly the involvement of Russian and Eastern European actors. These cyberattacks align with broader strategies by certain state actors to destabilize and inconvenience Western nations. This perspective underscores the multifaceted nature of ransomware, blending criminal enterprise with political objectives.


Ransomware attacks often exploit inherent vulnerabilities in enterprise networks, exacerbated by the products or services businesses rely on. Attackers monetize these vulnerabilities by demanding ransoms, usually in cryptocurrency, which provides anonymity and ease of transfer. Furthermore, many cybercriminals operate in regions like Eastern Europe and Russia, where they face minimal repercussions, creating a safe haven for such activities.


To combat this pervasive threat, there is a need for more aggressive responses from law enforcement and national security agencies. Recent successes, such as actions taken against the ransomware group LockBit by the U.S. and U.K. governments, are steps in the right direction. However, the need for continued and intensified efforts is paramount.


The CDK Global incident serves as another recent reminder of the persistent and evolving threat of ransomware. As businesses strive to fortify their defenses, collaboration between private sector cybersecurity experts and government agencies will be crucial in mitigating these attacks. The broader implications of these cyber threats extend beyond immediate operational disruptions, reminding us of the intersection of cybersecurity and geopolitical strategy in an increasingly digital world.


A few years ago, the company I was working for got hit with a ransomware attack. Unlike CDK Global, we ultimately decided not to pay the ransom or the exorbitant rehabilitation costs. Instead, we conducted a forensic investigation of some of the files and discovered that they weren't actually encrypted. The attackers did gain admin access and used a script to append a four-character string, which happened to be an abbreviation of our company name, to the file headers. We ended up finding that “crypto virus” script online (scary how available it was) and were able to use it to undo the extra characters from all the file headers and restore everything with zero losses. The moral of that story…sometimes the attackers are lazy, it pays to understand the attackers as much as the attack and actual encryption is harder than making files look encrypted 🤦‍♂️.





Comments


bottom of page