The ongoing cyber attack on CDK Global underscores the growing complexity and impact of cybersecurity threats on businesses. As part of CDK Global’s ongoing response, the company has created a Dealer Resource Center (DRC) to help dealerships maintain operations while their systems are being recovered. The company also encourages dealers to access CDK University for necessary training and support.
In a recent Instagram statement, the company acknowledged the uncertainty surrounding the recovery timeline, stating, “We do not have an estimated time frame for resolution, and therefore, our dealers’ systems will likely be unavailable for several days.” This prolonged downtime has left many dealerships struggling to process sales and manage operations.
According to Pieter Arntz, Malware Analyst at Malwarebytes, highlighted the unusual nature of CDK Global being hit by a second attack while still recovering from the first. He suggested that the rapid restoration of systems might have allowed attackers to linger: “Restoring systems from, say, a week ago is often not far enough. Attackers can afford to linger on a system for long periods of time.”
Moreover, Andy Thompson, Offensive Cybersecurity Research Evangelist at CyberArk, speculated on the possibility of multiple threat actors being involved. He states, “We saw this play out in the RNC hack back in 2020, where multiple nation-state threat actors were embedded in the RNC networks, unbeknownst to each other. This potentially sounds like one of those situations.”
Thompson also discussed the evolution of ransomware tactics, such as polymorphic malware and intermittent encryption, which complicate detection and response efforts.
“We appreciate your patience as we recover from this cyber attack,” CDK stated. “Please visit the Dealer Resource Center and CDK University for the latest updates and support.”
The ongoing cyber attack on CDK Global underscores the growing complexity and impact of cybersecurity threats on businesses. As CDK works to restore its systems, expert insights provide valuable context on the nature of these attacks and cybercriminals’ evolving tactics. Dealerships are encouraged to utilize available resources and remain vigilant against further threats.