Managing your threat surface is always important, and perhaps no one right now knows that better than CDK Global.
CDK, which helps manage payments for auto dealers across North America, was the target of a major breach on June 19, resulting in a widespread blackout of the software that the company provides to nearly 15,000 dealerships, CNN reported.
In a memo to clients sent several days after the breach, CDK described the attack as a “cyber ransom event,” CBS reported. By July 2, “substantially all” of the affected dealerships were back online, CDK said in a statement. The company is believed to have paid a ransom of $25 million in Bitcoin to hackers connected to BlackSuit ransomware, CNN reported on July 11.
Central casting. The ransomware attack exposed the company’s centralized threat surface, said David Redekop, VP of Nerds On Site. Redekop told IT Brew that cloud services for this kind of software can be problematic.
“Typically, organizations that rely that heavily on the cloud have resiliency already baked into their architecture,” Redekop said. “What’s different here is that there literally [were] so many eggs in this one basket, or one particular vertical in commerce, that they really had no other way to get anything done except for this thing to be up and running.”
CDK’s main product is a dealer management system, or DMS, software tools for dealerships to manage sales, repairs, and deliveries, Bloomberg reported. Because the products are essential to basic functioning for the dealerships, their loss led to “mass chaos,” auto dealership marketing firm Constellation CEO Diana Lee told Bloomberg Television on June 21.
“The dealer’s required to actually run a DMS for sales, service, parts, for every single functionality—even stocking a vehicle, you can’t do it without the DMS system,” Lee said. “So, it is a disaster.”
Break up. Kerri Shafer-Page, VP of the digital forensics incident response team at Arctic Wolf, told IT Brew that offering a platform to dealerships that acts as software as a service, or SaaS, has its pros and cons. Having services centralized can, in practice, reduce inefficiencies and restrict attackers.
“If you introduce multiple different managed service providers…to conduct your business, there’s more risk involved in that, versus some groups that like CDK that claim to have a SaaS platform that can do multiple different things,” Shafer-Page said, though she added that “diversifying is important—so if you’re going to have multiple different vendors, how tight are your controls to figure out what they’re allowed to come in and do?”
Offering only one way in means that once attackers breach the system, they have wide access. One way to avoid those kinds of threats, Redekop advised, is to disperse vendor responsibilities.
“The steps to take to protect yourself at this point would be to abstract all these aggregated services,” Redekop said. He added that “if you’re looking for a way to mitigate the risk of a single supplier that does too much, look for a set of new suppliers that interoperate together, because now, if there’s a cyberattack, it likely would only affect one small section.”