Thousands of Car Dealerships Stalled Out After Software Provider Cyberattack

A supply chain cyberattack on software provider CDK Global forced thousands of car dealerships to shut down Wednesday, a traditionally busy day for sales with the Juneteenth holiday.

Reports said the first dealerships started getting booted offline around 2 a.m. Eastern Time on Wednesday, June 19. Some shut down altogether, unable to access critical information, while others maintained some services by relying on paper records.

On Thursday morning, CDK said that there had been a second cyber incident.

"Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems," CDK said in a statement provided to Dark Reading. "In partnership with third party experts, we are assessing the impact and providing regular updates to our customers."

CDK's statement added that it took systems offline as a precaution.

"We are continuing to conduct extensive tests on all other applications, and we will provide updates as we bring those applications back online," CDK said in its statement. "Our first priority is always the security of our customers, and our actions reflect our obligation to them as a trusted partner."

Looking for Answers

The specific nature of the supply chain cyber incident and whether systems have been restored remains unclear. However, Roger Grimes, data-driven defense evangelist with KnownBe4, said he suspects ransomware.

"It hasn't been released what type of 'cyber incident' this is, but there's a good chance it's related to ransomware," Grimes said in a statement. "When more details are released, I hope part of the details include how the cyber threat made its way into CDK's systems (e.g., social engineering, unpatched software or firmware, etc.). Because in order to mitigate future occurrences you need to start with how the current incident was caused."

According to Andrew Costis, chapter lead on the adversary research team at AttackIQ, the cyber incident is far from over for dealerships that rely on CDK software.

"CDK is suffering from not one, but two cyberattacks that have caused the SaaS provider to shut down IT systems," he told Dark Reading in a statement. "Given the extensive reliance on this third-party vendor, the fallout from this attack reverberates throughout the entire automotive industry."