Getting a Second (Digital) Lock on Your Business

CDK Global is an American multinational corporation based in Austin, Texas. The company provides data and technology to the automotive, heavy truck, recreation, and heavy equipment industries. CDK Global offers integrated information technology and digital marketing solutions to these industries. Their products help integrate clients’ buying processes and include targeted advertising and marketing, as well as products for the sale, financing, insuring, parts supply, repair, and maintenance of vehicles. 

 

Many of these dealerships provide collision repair services, such as the Asbury Automotive Group. As one of the largest automotive retail and service companies in the U.S., it operates 37 collision repair centers nationwide. 

The most common effect reported by dealerships is that overall business has slowed. The Associated Press (AP) reported that a spokesperson for Stellantis mentioned that their dealerships had switched to manual processes to serve customers, which includes hand-writing orders. Several news outlets reported that the same goes for ordering OEM parts. 

 

Another spokesperson from Hawk Auto Group, a Westmont, Illinois-based dealership operator that uses CDK, lightly commented to AP that these workarounds are reminiscent of what operating a dealership was like prior to the increased use of computers. 

 

These incidents should not be seen as isolated, either. According to an April 2024 Ransomware Task Force report by the Institute for Security and Technology, there was a 37% increase in ransomware attacks on critical infrastructure reported to the FBI from 2022 to 2023. The number of overall ransomware attacks increased roughly 18%, costing victims over $1 billion in crypto payments, according to the report. David Willett, chief underwriting officer at Spark Underwriters and cybersecurity expert, mentioned that cryptocurrency is a common method of payment exchange when it comes to ransomware attacks. 

 

CNN reported, according to multiple sources, that CDK met the hackers’ demands and paid nearly $25 million to them. This is a hefty price to pay, even for a multi-billion-dollar company, and perhaps even more challenging for a smaller MSO or an independent shop that falls victim. 

 

As of July, if true, this would be just a part of the greater cost that this attack is costing the multinational corporation. As of July 24, CDK is facing at least eight lawsuits, according to CBS News, from dealerships that were affected by the June cyberattack. 

Willett  believes that CDK is another example of a malicious actor gaining access to a digital system. “It really doesn’t matter how they got in, because what they ended up doing is they got into something that’s a vulnerability within the system,” he said. 

 

FenderBender has reached out to CDK for further comment, but their senior manager of external communications, Lisa Finney, declined interview requests and has not provided any statements. 

 

These vulnerabilities often originate from reused code packed into DLLs (dynamic link libraries). To identify potential vulnerabilities in your system, you can search for known software vulnerabilities on the web. 

 

Imagine you’re building a Lego castle. You have different types of Lego blocks for different parts of the castle - some for the walls, some for the towers, and some for the gates. Now, instead of building each part from scratch every time, wouldn’t it be easier if you had pre-built sections? Like a pre-built wall or a tower that you could just attach to your castle? That would save you a lot of time and effort, right? 

 

In computer programming, a DLL (dynamic link library) is like those pre-built Lego sections. It’s a collection of small programs, or ‘blocks of code’, that can do specific tasks. When a bigger program wants to do something, like display a picture or connect to the internet, instead of building that functionality from scratch, it uses one of these ‘blocks of code’ from the DLL. 

 

Now, relating to the CDK cybersecurity situation, using our Lego analogy, imagine if one of the pre-built Lego sections had a loose brick. If you used that section in your castle, your castle could have a weak spot. In the same way, if a program uses a DLL with a vulnerability, it could be a weak spot that bad guys (hackers) could use to break into the program. 

 

These vulnerabilities are often hidden due to the reuse of code in systems, making them prevalent throughout all systems. Even if a patch is available, the problem persists because these vulnerabilities are often concealed within the system. 

 

Willett uses the analogy of a bank robber to explain the situation. Just as a bank can be robbed despite having a safe and guards, your system can be infiltrated because it has areas without safeguards due to its design. Despite cybersecurity efforts to protect these systems, if an intruder bypasses the initial barriers (like clicking on a malicious email), they can gain access to the system due to these known software vulnerabilities. 

Willett suggests that shop owners and operators have an intelligent conversation with their insurance provider and IT department to ensure recommended procedures are in place. 

 

One of the practical tips Willett shared is to have separate Wi-Fi networks for the shop and customers, and to ensure employees do not use personal devices on the shop’s Wi-Fi. 

 

“If they (employees) are using their personal devices on your shop Wi-Fi, then they’ve introduced everybody that they connect with and talk to all the time.” A common immediate response he receives after giving that last piece of advice is “we’re going to change that.” 

 

He also recommended using VPN services on phones and computers to enhance security and prevent unauthorized access. 

 

Willett said that companies often rely on backups to restore systems and assess the extent of data exposure. He pointed out the complexities involved, including the potential presence of attackers in backup systems. 

 

During his interview with FenderBender, Willett made it clear that being proactive is far more important than being prepared solely through insurance.  The reason is if it is publicly known that a company has a ransomware policy, that translates to hackers knowing they’re more likely to give them the money they demand. 

CDK’s services can make them seem like a prime target for hackers, but Willett tells FenderBender that no one is safe. 

 

“Anyone could be a victim,” Willett said. “I will tell you from my experience working in cyberspace, that I think there are nefarious actors that have been in and out of about every system they want to.”