CDK Ransomware Attack Highlights Growing Threat Of Third-Party Risk: Experts

The software maker says it’s making progress on bringing dealerships back onto its core systems.

As CDK Global continues making progress on bringing customers back onto its core platform after a crippling ransomware attack, cybersecurity experts told CRN that the massive disruption to car dealerships is another sign of the trade-offs involved in the growing dependence on third-party IT services.

“With the reliance on SaaS-based solutions and other service providers, the relevance of third-party risk management is huge,” said Mark Lance, vice president for DFIR and threat intelligence at GuidePoint Security, No. 39 on CRN’s Solution Provider 500 for 2024. “This is obviously a system that a lot of dealerships rely on and without the ability to leverage it, there’s large impacts.”

Austin, Texas-based CDK, a provider of software used by 15,000 dealerships, shut down most of its systems after cyberattacks struck on June 18 and 19. CDK provides SaaS-based CRM, payroll, finance and other key functions for dealerships, and has said it expects to need through the weekend to recover from the attacks.

The saga has been reminiscent of another widely felt cyberattack, the February ransomware attack against UnitedHealth-owned prescription processor Change Healthcare. The incident caused massive disruption in the U.S. health care system for weeks — preventing many pharmacies and hospitals, as well as other health-care facilities and offices, from processing claims and receiving payments.

Both the CDK and Change Healthcare attacks are a stark illustration of “just how interconnected everything is,” regardless of what industry you’re in, said Tony Cook, head of threat intelligence at GuidePoint. For many organizations today, it can be shocking to realize the full scope of third-party systems that are needed for normal operations, he said.

Ultimately, the attacks “show how important security is when you're connected to all of these other [systems] that are playing a big role in everybody's lives,” Cook said.

Restoration Progress

In a recorded message for customers heard Friday, CDK said it is “continuing the phased approach to the restoration process.”

The company said it has now brought “one of our large public dealers” back on to its core dealer management system (DMS), along with restoring DMS access for a second “small group” of dealerships. CDK had said the first small group was restored onto its DMS system Thursday.

The company added in the recorded message that it expects “our customer care channels will be live tomorrow late afternoon” and that it is “actively working on bringing other applications live.”

CRN has reached out to CDK for comment.

Earlier this week, CDK said it was aiming for June 30 as the earliest date for ending the outage that has disrupted thousands of car dealerships.

While CDK was working to recover from the first attack last week, the company said it was struck by a second attack.

“Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems,” CDK said in a previous statement provided to CRN.

The system shutdown resulted in an outage that has severely affected thousands of car dealerships.

CDK has declined to comment on media reports indicating that the company was planning to make a ransom payment, purportedly worth tens of millions of dollars, with the goal of recovering its systems more quickly.