Background on the CDK Global Ransomware Attack
Did you know CDK dominates the dealership management system (DMS) market? According to Automotive News, it maintains 50% of the market share - meaning half of the auto dealership market would be impacted if - or when - a cyberattack hit.
Earlier this summer, CDK shared that it suffered the blow of two cyberattacks, severely affecting the operations of ~15,000 dealerships that rely on its services. In addition to ongoing outages that led to customers having to manually process transactions, the breach also exposed third-party data and personally identifiable information (PII), and likely cost tens of millions in ransom demands.
Who’s behind the attack?
Researchers attribute the breach to BlackSuit, a nascent Eastern European threat group that first emerged in mid-2023.
It is reported that BlackSuit is an offshoot of the RoyalLocker gang, one of several spinouts of the now-defunct Conti ransomware group.
What happened?
Experts are concerned BlackSuit used “always on” VPN tunnels to conduct its attack.
Dealerships must configure “always on” VPN tunnels to access CDK’s data centers and use the platform.
As noted by Jamie Moles, Senior Manager of Technical Marketing at ExtraHop, in his comments to SC Media, “Customers experience heightened risk when third-party vendors have expansive privileges to their operational environments. Unfettered access leaves a clear pathway for attacks to have ripple effects across customer network environments, exposing their sensitive information and possibly impacting their daily operations.”
For more information on the CDK attack, the financial and legal implications, and how to avoid a similar fate, read our blog: CDK Global Ransomware Attack Sends Shockwaves.