Cyberattacks Paralyze Auto Industry: What To Know

ACROSS AMERICA — Auto dealerships are reverting to paper and pen to sell cars and customers who bought a car should assume their personal information has been compromised after back-to-back cyberattacks that paralyzed the North American auto industry, cybersecurity experts say.

CDK Global, which is based just outside of Chicago in Hoffman Estates, Illinois, provides software to about 15,000 car dealerships in North America to help them with day-to-day operations. Services including digital vehicles sales, financing, insurance and repairs. Ironically, CDK Global also provides IT and cybersecurity services.

The attack has meant delays for some car buyers and vehicle orders written by hand. CDK isn’t sure how long its systems will be disrupted, but said earlier this week it could take “several days” to restore service.

CDK said in a recent update it had notified law enforcement authorities and had launched an investigation into the incident with third-party experts. The company is “continuing to actively engage customers and provide them with alternate ways to conduct business,” CDK spokesperson Lisa Finney said in the update.

At the same time, the company warned customers of “bad actors” posing as members or affiliates of CDK in a phishing scheme to try to gain system access.

Below are four things to know.

What Happened?

In a note to clients, CDK has confirmed that the incident that took down its software platform was a ransomware attack, that is one in which the targets are asked to pay ransom to gain access to encrypted files.

Attacks of this type “almost always end up being a ransomware attack,” Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, told The Associated Press.

Such attacks have become increasingly common over the past few years, Steinhauer said, adding that “no industry and no organization or software company is immune.”

Who’s Behind The Cyberattack?

CDK itself hasn’t identified the group behind the attack, but Allan Liska, of the computer security firm Recorded Future, told Bloomberg the cybercriminals are linked to a group called BlackSuit, which security experts say is made up of Russian and Eastern European hackers with a history of working with a group known as Royal Ransomware.

Bloomberg had previously reported the hackers had demanded tens of millions of dollars and that CDK planned to pay the ransom. Companies targeted in ransomware attacks are often reluctant to disclose demands while in the midst of negotiations.

Dealerships Go Old School

Despite some hiccups associated with the software attack, dealerships are coping as best they can, writing up orders by hand and relying on alternative processes.

“The people who’ve been around longer — you know, guys who have maybe a little salt in their hair like me — we remember how to do it before the computers,” John Crane of Hawk Auto Group, a Westmont, Illinois-based dealership operator that uses CDK, told The AP. “It’s just a few more steps and a little bit more time.”

One of the biggest problems for dealerships is arranging for financing, according to Tom Maoli, the owner of Celebrity Motor Car Company, which has five luxury dealerships across New York and New Jersey.

“We are trying to keep our customers happy and the biggest issue is the banking side of things, which is completely backed up,” Maoli told CBS Money. “We can’t fund deals.”

Ransomware Attacks Are Increasing

More than 2,200 entities, in cluding U.S. hospitals, schools and governments, were targeted in cyberattacks in 2023 according to the anti-malware software company Emisoft. Private-sector companies have also been targeted.

Earlier this year, the State Department offered $10 million in exchange for the identities of the Hive ransomware gang, which the government said has been responsible since 2021 for more than 1,500 institutions in 80 countries, costing them more than $100 million.

Some cybersecurity experts say governments of countries targeted in the attacks should bam payment of ransoms. If that were to happen “we believe that bad actress would quickly pivot and move from high impact encryption-based attacks to other less disruptive forms of cybercrime,” Emisoft said on its website.

“I mean it — ransomware payments to these groups need to be outlawed, internationally,” security researcher Kevin Beaumont said. “We have to push through the short-term pain because it is the safer option. Start planning for this, signal it loudly, and do it. This one needs firm leadership from the very top, as the lobbying against will be real. Civil society needs protection via firm leadership, not leadership by a small number of firms profiting from the status quo. This is a chance for world leaders to lead when others haven’t.”

The Associated Press contributed reporting.