A software vendor has promised a quick fix to a crippling ransomware attack that has hit many of Connecticut’s car dealers — even as an expert on cybersecurity warns that more attacks are likely to impact all aspects of modern life.
CDK Global, which provides software that helps car dealers manage almost every aspect of their businesses, announced on Wednesday that it had restored part of its platform to a “small initial test group” of its 15,000 customers. “Once validation is complete, we will begin phasing in other dealers,” CDK said in a statement.
The company also promised to restore its customer relations and service software and told customers it had set up a “Dealer Resource Center” as a source of commonly used documents and forms used to sell and service cars.
Many dealerships impacted by the cyberattack have returned to paper forms as their ordering, inventory, service and other integrated systems remain offline. Cars can still be purchased at most dealerships but the transaction process may be much slower and more complex until the platform is restored.
In a recorded message to dealers earlier in the week, CDK said it did not expect to restore service to all of its dealership customers before next week.
“We understand and share the urgency for our customers to get back to business as usual, and we will continue providing updates as more information is available,” CDK said.
Blamed on an Eastern European hacker outfit, the ransomware attack started on June 19, forcing CDK to launch the first of several system shutdowns. The Texas-based software maker is negotiating to pay the hackers’ ransom to get its customers back online, according to Bloomberg News.
Hackers ramp up attacks on software platforms
Expect more cyberattacks like the one that hit CDK Global this week to target key software that manages your doctor visits, bank accounts, mortgage payments and other vital functions, said Frederick Scholl, director of the graduate cybersecurity program at Quinnipiac University.
Instead of going after individual companies, hackers are increasingly seeking out shared software platforms to multiply the impact and potential payoff of their crimes.
“We’re all dependent on this software that services companies,” Scholl said. “So yeah, we’re going to see more of these (attacks) in other industries.”
Similar recent ransomware attacks on software platforms include a hit earlier this year on Change Healthcare, a unit of UnitedHealth Group, which supplies software used in processing billions of insurance claims. Last year, a series of cyberattacks targeted MOVEit, a managed file transfer platform used by the U.S. government and major companies including Eversource, Ernst & Young, British Airways and The Hartford.
“There’s a lot, a ton of shared resources out there… there’s a lot of them in health care,” Scholl said. “Obviously, the whole payment systems, credit card systems, all these things. So I think there’s a lot of vulnerabilities out there.”
The best way to fight back against mounting cyberattacks and ransomware efforts — which are increasingly turbo-charged by artificial intelligence tools — is tighter oversight of widely-used software, Scholl said. “We just need more regulation around software, software with vulnerabilities.”
A growing cadre of cybersecurity experts trained by programs like the one at Quinnipiac are also taking on the challenge, he said.
“We have a particular course on building resilient systems, which are systems that if you do get attacked, or when you get attacked, they don’t get shut down, and you can keep running,” Scholl said.
Even so, cyberattacks are getting more sophisticated by the day. “They could get exponentially worse with the automated AI tools that are in the hands of the attackers,” Scholl said. “It’s definitely scary.”
Veteran dealership opts for rival system
Cybersecurity was a major concern for Bobby Stevens when he opted for an alternative to CDK Global software to manage his dealership, Key Chevrolet of Middletown.
“We’re one of the smart dealers,” Stevens said of his choice to use Dealertrack, a platform sold by Cox Automotive of Atlanta.
“They’ve been out several times; they’ve had these issues more than once,” Stevens said of CDK Global.
In business since 1936, Key Chevrolet is required to use a dealership management software system under its agreement with the auto manufacturer, Stevens said. “I haven’t done this stuff by hand since the ’70s.”
Despite the disruption in the industry, Stevens said he was looking forward to continued strong sales as the summer car-buying season ramps up.
“The Chevy product across the board is the best product in the world, and it is selling great,” Stevens said.
Economy braces for hit from outage
As the CDK outage drags on, experts say the attack could have a major impact on the U.S. economy as a whole — at least in the short term.
New-car sales nationwide are expected to drop by up to 7.2 percent this month compared to the same period a year ago directly as a result of the CDK outage, according to a joint forecast by analysts J.D. Power and GlobalData released on Wednesday.
“Because of the disruption to dealer software systems, June sales will not be reflective of actual consumer demand for new vehicles,” Thomas King, president of the data and analytics division at J.D. Power, said in a statement. “A significant number of sales that would have occurred in June are now likely to occur in July.”
King added, “It should be noted that a significant range of sales outcomes are possible due to the uncertainty about exactly when system outages will be resolved and what countermeasures dealers put in place to transact sales.”
Buyers and sales are likely to return once the damage has been repaired and dealers are back on their feet, King said. “Indeed, if there is one thing that the pandemic demonstrated to the auto industry, it’s that dealers are very adept at dealing with adversity and have been effective in rapidly identifying ways to deliver vehicles to buyers,” he said.