Car Dealers Nationwide Hacked

[GrandpaD]

If your headed to your dealer to buy an F-150, either wait a few days or plan on spending a real long time as they handwrite the paperwork.

CDK Global, the top dealer software was hacked earlier this week, then went back up only to be attacked again. We spent a long afternoon in finance buying a 24 PB Lariat (more on that in a different thread) only to leave with a single page receipt. The majority of paperwork was done on an in-house system which we reviewed and digitally signed. We'll get the final mountain of paperwork whenever CDK gets up and running.

https://www.cbsnews.com/news/cdk-cyber-attack-outage-auto-dealerships-cbs-news-explains/

Sponsored

 

[bdginmo]

It's good that they had a backup system. I wonder how many dealers are fully reliant on CDK.

 

[Parthery]

I have another vehicle, a VW Passat, that was towed to the VW dealer here in Atlanta on Tuesday after it wouldn't start. It needs a starter. Under normal circumstances the dealer orders the part and it comes on the truck from Jacksonville overnight. However, with this mess they can't give me an estimate as required by GA law, (they can't get to the book hours for the labor), they can't get the starter from the warehouse because they can't order parts, and they have no idea when the systems will be restored. And they can't collect $$$ on an RO which doesn't exist, so essentially they are in the 3rd day of being dead in the water. They literally have no clue when I'll get the car back.

 

[GrandpaD]

It's good that they had a backup system. I wonder how many dealers are fully reliant on CDK.

Their backup system just allowed them to do some of the paperwork but it has to get into the full system so they can do all the loan stuff, DMV, etc. The majority of paperwork was done by hand and cell phone calculators. Like going back to the 60s.

It's potentially seriously ugly. What concerns me is how "deep" the hack got into the systems. Virtually every car purchase includes everything about you except maybe your blood type. As Ricky said so eloquently "Lucy, you have some 'splainin' to do..."

 

[SumGuy]

I have another vehicle, a VW Passat, that was towed to the VW dealer here in Atlanta on Tuesday after it wouldn't start. It needs a starter. Under normal circumstances the dealer orders the part and it comes on the truck from Jacksonville overnight. However, with this mess they can't give me an estimate as required by GA law, (they can't get to the book hours for the labor), they can't get the starter from the warehouse because they can't order parts, and they have no idea when the systems will be restored. And they can't collect $$$ on an RO which doesn't exist, so essentially they are in the 3rd day of being dead in the water. They literally have no clue when I'll get the car back.

A good indication of how absolutely eff’d we all are in there was a serious cyber attack.

no goods would get anywhere.

 

[fmdog44]

A good indication of how absolutely eff’d we all are in there was a serious cyber attack.

no goods would get anywhere.

was thinking the same thing like what if WWIII started everything everywhere would be hacked and nations would shoot themselves in the foot.

 

[National Superbike]

The crazy thing is that the most they will have to do is offer free credit monitoring for a year. The system is badly tilted towards protecting the corporations. A friend who is a software engineer and works in the auto dealer world, said he was on a conference call with 100's of dealers and they didn't even seem to be that worried about when they would get back up and running. They were worried about legal liability...

 

[Gonski]

I work in Cybersecurity and I was actually out shopping for a truck on the day the cyber attacks happened (how ironic).

The dealer was still able to process my credit (They had a secondary system available) and was able to complete the delivery paperwork in person today so I was able to drive off the lot thankfully.

I imagine it must be It's a pretty serious attack - likely ransomware, Am looking forward to reading the technical report once the technical details are shared in a few weeks.

As a security professional, it was quite unfortunate perfect timing for something like this to happen but it is the reality of our day in age. Use a password manager, make good passwords, don't reuse them and make sure you enable MFA on everything you possibly can.

 

[Eskram]

From what I've read, it's a ransomware attack. CDK hasn't actually disclosed anything yet, other than they were hit by another attack last evening.

Glad to see they were able to still get you going. My truck is in service, and the whole process seems slower than normal, likely because of all of that. My SA isn't happy about the situation and looked like he was going to either quit or kill everyone around him..

 

[Gonski]

From what I've read, it's a ransomware attack. CDK hasn't actually disclosed anything yet, other than they were hit by another attack last evening.

Glad to see they were able to still get you going. My truck is in service, and the whole process seems slower than normal, likely because of all of that. My SA isn't happy about the situation and looked like he was going to either quit or kill everyone around him..

Yup, something of this tier/caliber feels like ransomware. Obviously until we get confirmation it's only speculation. I am interested to hear how initial access was obtained on the CDK network.

A lot of time it really just comes down to a simple weak password on an employee's account where MFA isn't implemented correctly. I've attacked networks successfully this way many times.

The dealer today told me that they received a memo from from CDK stating to be extra cautious about their phone conversations and not to share any sensitive information over the phone. Supposedly dealerships were receiving calls, presumably from the attackers, in an attempt to actually expand their foothold onto dealer networks...crazy stuff

 

[Eskram]

A lot of dealers are jumping ship to R&R or DealerTrack. I'm sure it's a painful process, but I understand ya gotta do what ya gotta do. Multiple days of fuckery and losing money, time and possibly employees is going to add up.

Sadly, they should just pay the fee to get things back up, and hope the thieves are somewhat honorable afterwards.

Edit: https://www.reddit.com/r/serviceadvisors/ is a fun place now.

 

[Natetroknot]

So many disruptions to systems like this lately, 911 service and cell networks have been hit often around here in Iowa. And swatting calls to schools has ended with the summer’s beginning but those were out of hand too. I’m sure it’ll get worse before it gets better. Our way of life has way too much reliance on this stuff, take me back to the 50’s please and thanks.

 

[Mtnman1]

Its amazing how few companies/corporations have backups.

With proper server backups, ransomeware attempts are nothing but a nuisance.

Restore images, change passwards, back in business.

 

[bdginmo]

Edit: https://www.reddit.com/r/serviceadvisors/ is a fun place now.

I was just getting to post a link to this subreddit as well. Obviously this is a HUGE disruption to dealers right now.

 

[Eskram]

Its amazing how few companies/corporations have backups.

With proper server backups, ransomeware attempts are nothing but a nuisance.

Restore images, change passwards, back in business.

It's not even about backups. This is a cloud reliant system that has hooks in most parts of the dealers system, and is effectively down. Restoring a backup does no good here, as they can't use it anyway. They can't do sales, service, or parts and will have to paper-it for now and re-enter everything if/when it comes back up.

I do feel for them..

Sponsored