Since June 19th, car dealerships have been negatively impacted by the CDK Global cyberattack. Many U.S. dealerships’ operations shifted to manual processes after their Dealer Management System (DMS) was taken offline by a ransomware incident linked to Blacksuit. As dealer operations are now slowly coming back online (as many have reported over the weekend), here are some things to work through as you recover.
Dealerships need to be prepared for the possibility that their data has been exposed, manage the risk and impact to the organization, and think strategically about mitigations for the future. Dealerships have not yet been able to determine the scope of the cyber incident or whether their data and sensitive customer information were impacted.
Blacksuit, a private ransomware operation, infiltrates victims' systems using common methods (such as phishing and exploiting outdated or unpatched software) together with legitimate tools. Used for malicious purposes, these methods and tools allow the attackers to bypass security measures, establish their own secure communications, and maintain long-term access to control and monitor infected systems over extended periods.
In prior ransomware breaches, Blacksuit has used a double extortion strategy: it sets up a data leak site to coerce victims into paying the ransom demand while having already exfiltrated customer data to one of its own servers, which means that data is already compromised.
What could this mean for your organization? Your organization may now be vulnerable if its information has been leaked. CDK has already reported phishing activity against dealerships.
Immediate Action Items
Here are some actions to address now.
- Meet with your legal counsel to receive guidance on potential legal impacts and preparation activities. Counsel should understand the impacts on organizational risk and give clear advice on the appropriate response activities.
- Remind your employees to avoid suspicious downloads, be cautious with email attachments, and recognize phishing attempts. Phishing activity has already been reported.
- Review your current agreement or contract for CDK services to see whether its liability or limitation-of-liability terms address this situation.
- Check your cyber policy to see whether it includes third-party liability insurance and/or other applicable coverage. This may help protect you from potential lawsuits and legal costs if a data breach occurred on a third party's network or systems. If you're not sure, contact your insurance provider and work with them to discuss the current impact and your options.
- Prepare your organization to address any potential liabilities for the breach of sensitive customer information.
- What communications are required to notify customers?
- What reporting requirements do I have with respect to laws and regulations such as FTC Safeguards? CDK has been in discussions with the FTC to provide an omnibus submission on behalf of dealers to meet these requirements, as the FTC requires non-banking financial institutions to report security breaches that affect at least 500 consumers to the FTC as soon as possible, and no later than 30 days after discovery.
- Have your technical team review the following security guidance:
- Make sure your operating systems, software, and firmware have been updated.
- Reset all passwords following appropriate password complexity guidelines.
- Ensure Multi Factor Authentication (MFA) is enabled for all services, particularly for webmail, virtual private networks, and accounts accessing critical systems.
- Require administrator credentials for software installations.
- Review account access privileges so that only authorized users have access, and only to the systems they need to accomplish their role.
- Review privileged accounts to ensure there have been no recent changes to access rights or permissions.
- Monitor your network for abnormal network activity and for unauthorized use of remote access software.
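The last two items of the checklist, reviewing privileged accounts for recent changes and watching for unauthorized remote access software, can be turned into a repeatable check over an export of the Windows Security log. The script below is an added example and is not part of Withum's or CDK's material: the event records are constructed, and the list of remote access executables, the approved install path and the 30-day window for "recent" are assumptions to be replaced with the dealership's own values.

```python
"""Added example (not from the article): review an export of Windows Security
events for two checklist items, recent changes to privileged group membership
and unauthorized use of remote access software. The events below are
constructed for illustration; the field names follow the Windows Security log
schema, the values are invented."""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample export in JSON Lines form (one event per line). Real data
# would come from an export of the Security log or a SIEM, not from this string.
SAMPLE_EVENTS = r"""
{"EventID": 4732, "TimeCreated": "2024-06-21T03:14:00Z", "SubjectUserName": "svc_backup", "TargetUserName": "Administrators", "MemberName": "CN=jdoe,OU=Users,DC=dealer,DC=local"}
{"EventID": 4728, "TimeCreated": "2024-05-02T10:00:00Z", "SubjectUserName": "itadmin", "TargetUserName": "Domain Admins", "MemberName": "CN=itadmin2,OU=IT,DC=dealer,DC=local"}
{"EventID": 4732, "TimeCreated": "2024-06-22T09:05:00Z", "SubjectUserName": "itadmin", "TargetUserName": "Sales Users", "MemberName": "CN=newhire,OU=Users,DC=dealer,DC=local"}
{"EventID": 4688, "TimeCreated": "2024-06-22T02:47:00Z", "SubjectUserName": "jdoe", "NewProcessName": "C:\\Users\\jdoe\\Downloads\\AnyDesk.exe"}
{"EventID": 4688, "TimeCreated": "2024-06-22T08:00:00Z", "SubjectUserName": "itadmin", "NewProcessName": "C:\\Program Files\\TeamViewer\\TeamViewer.exe"}
{"EventID": 4624, "TimeCreated": "2024-06-22T08:01:00Z", "SubjectUserName": "receptionist"}
"""

# Windows event IDs for "a member was added to a security-enabled group"
# (4728 global, 4732 local, 4756 universal) and for process creation (4688).
GROUP_ADD_EVENTS = {4728, 4732, 4756}
PROCESS_CREATE = 4688

# Built-in groups whose membership changes deserve a second look.
PRIVILEGED_GROUPS = {
    "Administrators", "Domain Admins", "Enterprise Admins", "Schema Admins",
    "Account Operators", "Backup Operators", "Remote Desktop Users",
}

# Assumed values: executable names of remote access products the dealership
# wants to watch for, and the one install path IT has approved. Both are
# illustrative and would be replaced with the dealership's own lists.
REMOTE_ACCESS_EXES = {"anydesk.exe", "teamviewer.exe", "rustdesk.exe",
                      "screenconnect.clientservice.exe"}
APPROVED_REMOTE_PATHS = {r"c:\program files\teamviewer\teamviewer.exe"}

# Fixed review date so the example is deterministic; a real run would use
# datetime.now(timezone.utc).
REVIEW_DATE = datetime(2024, 6, 24, tzinfo=timezone.utc)


def parse_events(text):
    """Parse JSON Lines into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def event_time(event):
    """Return TimeCreated as an aware datetime (the 'Z' suffix means UTC)."""
    return datetime.fromisoformat(event["TimeCreated"].replace("Z", "+00:00"))


def privileged_group_changes(events, review_date=REVIEW_DATE, window_days=30):
    """Group-add events touching a privileged group within the review window.

    The 30-day window is an assumption for "recent"; tune it to how far back
    the organization trusts its own change history.
    """
    cutoff = review_date - timedelta(days=window_days)
    return [
        e for e in events
        if e.get("EventID") in GROUP_ADD_EVENTS
        and e.get("TargetUserName") in PRIVILEGED_GROUPS
        and event_time(e) >= cutoff
    ]


def unauthorized_remote_access(events):
    """Process-creation events for a remote access tool run from an unapproved path."""
    hits = []
    for e in events:
        if e.get("EventID") != PROCESS_CREATE:
            continue
        path = e.get("NewProcessName", "").lower()
        exe = path.rsplit("\\", 1)[-1]
        if exe in REMOTE_ACCESS_EXES and path not in APPROVED_REMOTE_PATHS:
            hits.append(e)
    return hits


def review(text, review_date=REVIEW_DATE):
    """Run both checks over a JSON Lines export and return the findings."""
    events = parse_events(text)
    return {
        "privileged_group_changes": privileged_group_changes(events, review_date),
        "unauthorized_remote_access": unauthorized_remote_access(events),
    }


if __name__ == "__main__":
    findings = review(SAMPLE_EVENTS)
    for e in findings["privileged_group_changes"]:
        print(f"[group change] {e['TimeCreated']} {e['SubjectUserName']} added "
              f"{e['MemberName']} to {e['TargetUserName']}")
    for e in findings["unauthorized_remote_access"]:
        print(f"[remote access] {e['TimeCreated']} {e['SubjectUserName']} ran "
              f"{e['NewProcessName']}")
```

On the constructed data the script flags one finding of each kind: a service account adding a user to the local Administrators group at 3 a.m., and a remote access tool launched from a Downloads folder rather than the approved install path. The addition to Domain Admins in May falls outside the 30-day window and is not reported, which is why the window should match how far back the organization can vouch for its own changes.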
Staying vigilant helps safeguard against these threats.
Once operations are up and running, it's time to review strategic initiatives such as FTC Safeguards and particularly its business resiliency requirements. Understanding your dealership's critical systems, supporting processes, and assets, as well as the impact on your organization during an incident, allows you to identify mitigation strategies and apply them effectively. That will be the subject of a follow-up article as things begin to normalize.
Withum is ready to partner with dealerships to help them navigate these challenges, so don't hesitate to reach out if you have concerns. While there will be lessons learned and things you can improve upon once things have settled, our current recommendations are provided as near-term actions. This situation is ongoing, and our recommendations are subject to change based on new developments.
Author: Jason Spezzano, Executive Cybersecurity Advisor | [email protected]
Contact Us
For more information on this topic, contact Withum’s Dealership Services Team.