Large - Scale Supply Chain Hack On Auto Industry

Hackers are claiming responsibility for a cyberattack on CDK Global  software systems that provides software for thousands of car dealerships in the US. 

The Illinois-based company issued an urgent warning Friday 20th June, cautioning people about bad actors posing as employees during phone calls to get credit card details and access to their accounts.

CDK has said it experienced a cyber incident on Wednesday19th June and it is understood they have received a demand for millions of dollars in ransom to restore systems. US auto retailers Sonic Automotive and Penske Automotive also announced that they have been attacked

According to sources, CDK has launched an investigation by experts, notified law enforcement and has begun the restoration process. CDK said restoration will take several days. "...In the interim we are continuing to actively engage with our customers and provide them with alternate ways to conduct business," CDK said in the statement.

It is understood that CDK briefly restored some services for a few hours on June 19th, but was forced to deactivate them following a second cyber attack. 

  • The automaker Ford said that there was an industrywide system outage for dealers who use CDK. "However, many Ford and Lincoln customers are able to receive sales and service support due to alternative processes available to our dealers," they said. 
  • Sonic Automotive said its dealerships were open and it was working to minimise the disruption. The company said it was unable to determine if the outage would affect its financial condition, but that it did have a "negative impact" on its operations.

CDK has warned its customers that that their systems likely will not be available for a number of days. 

CDK Global   |   Reuters   |     Bloomberg   |    USA Today   |    Fortune   |   MSN   |    Yahoo   |     Mail   

Image: Denin Lawley

You Might Also Read: 

Toyota Shut Down Japanese Plants In A Supply Chain Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Leveraging The Benefits Of LLM Securely 
The Psychology Of GenAI Manipulation »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

Defence Intelligence

Defence Intelligence

Defence Intelligence is an information security firm specializing in advanced malware protection.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

Uleska

Uleska

Uleska is a scalable platform that provides automated and continuous software security testing whilst translating cyber risk.

EOL IT Services

EOL IT Services

EOL IT Services is the UK’s most accredited provider of IT Asset Disposal (ITAD), Lifecycle Services and Data Destruction.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

Bugraptors

Bugraptors

BugRaptors is a certified software testing company with extensive experience as a third-party testing vendor, effectively proven as a leader in software testing & QA Services.

Secberus

Secberus

SECBERUS creates cloud security technology to help organizations stay secure & compliant in the public cloud.

NodeSource

NodeSource

NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security.

iON United

iON United

iON United is a full-service IT security solutions provider and one of the most trusted names in cybersecurity in Canada.

US Digital Corps

US Digital Corps

The U.S. Digital Corps is a new two-year fellowship for early-career technologists where you will work every day to make a difference in critical impact areas including cybersecurity.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

Quartz Network

Quartz Network

Quartz Network is a curated community for change-makers, up-and-comers, and professionals who are ready to grow, adapt, and thrive.

Prikus Tech

Prikus Tech

Prikus is a full-fledged Cyber Security Company helping organizations worldwide to manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.

Athena7

Athena7

Athena7 is a dedicated assessment practice committed to helping organizations understand how their infrastructure, backups, and security controls will withstand the latest threat actor tactics.

Cyber Security Certification Australia (CSCAU)

Cyber Security Certification Australia (CSCAU)

CSCAU is the world’s first 'for mission' industry council set up to address small and medium-sized business (SMB) cyber resilience through annually updated certifiable standards.