Cyberattacks Are Growing and Becoming More Sophisticated

Thousands of car dealers are facing business disruptions due to two cyberattacks this past week on a key industry software provider.

The attacks targeted CDK Global, which supplies software to nearly 15,000 car dealerships in the United States and Canada, causing shutdowns in sales, financing, and payroll systems. As a result, many dealers have had to revert to manual processes.

"Everything is messed up — we have to do everything manually," Kevin Red, a car salesman at AutoNation Honda Dulles in Sterling, Va., told The Washington Post. "There's discomfort for everybody. For us, for management, for customers."

Cybersecurity professionals estimate it could take weeks for CDK to fully restore all its systems. Numerous major auto companies, including Ford, General Motors, and Stellantis, use CDK, referred to as the “800-pound gorilla” of car-dealer software.

This incident follows a ransomware attack last month on Ascension, a Catholic health system with 140 hospitals across at least 10 states, which locked providers out of systems crucial for coordinating patient care.?

The attack forced many hospitals to revert to using pen and paper due to the inability to access electronic medical records, causing delays in patient care, including test results and medication orders.

Several hospitals had to divert patients, postpone non-emergent surgeries, and deal with a lack of access to crucial systems like patient portals and phone services. Ascension faces class action lawsuits alleging failure to protect patient data adequately.

In addition to CDK and Ascension, other major cyberattacks this year alone have included:

• UnitedHealth Group. The attack was part of a series of incidents targeting the healthcare sector, emphasizing the increasing focus of cybercriminals on this industry. The breach affected various systems, causing delays in pharmacy services, medical claims processing, and payment systems. UnitedHealth Group reported an $872 million financial hit in the first quarter of 2024, with potential costs reaching up to $1.6 billion by the end of the year.
• Bank of America. In February, a breach linked to Infosys McCamish Systems compromised sensitive information, including names, social security numbers, and account details of 57,028 customers. This breach highlighted the vulnerabilities in interconnected service ecosystems.
• Trello. In January, Trello, a software company that focuses on project management, suffered a breach affecting over 15 million users. The attack involved exploiting a public API to collect data such as email addresses, names, and usernames, which were later sold on a hacking forum.
• Microsoft. Up to 97,000 Microsoft Exchange servers were identified as vulnerable due to a critical zero-day exploit, potentially allowing privilege escalation.

Every Industry Affected

“Cybersecurity now touches every single sector and domain in the industry,” Angel J. Jones, an instructor at the University of Virginia's School of Continuing and Professional Studies told The Washington Post. “Organizations must understand their fiduciary duty to protect their shareholders and customers.”

A congressional report reveals that a hack of the Office of Personnel Management, the federal agency responsible for government employee payments and benefits, compromised the personal data of millions.

Even the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, tasked with defending against cyberthreats, experienced the indignity of a minor hack.

“The days of our data being in a drawer, a filing cabinet, or a computer in the basement are over,” Kai Degner, Senior Director of Certificate Programs at the University of Virginia's School of Continuing and Professional Studies, told The Post.

From hospitals and educational institutions to multinational corporations and small businesses, entire libraries of data have been computerized and stored electronically.

“And I don’t think most people realize the pace at which we’re digitalizing our everyday lives, ”says CISA Deputy Assistant Director Trent Frazier. “The real force driving the demand for security professionals is the incredible acceleration in the digitalization of not just the economy, but every aspect of society.”

####

This is an abbreviated version of The Rising Tide for non-paying readers. Our full story on cybercrime and eight additional stories are available in the members-only version of TRT. Become a Tide Insider and get one month free. https://barberd.substack.com/