CDK Attack: Why Contingency Planning Is Critical for SaaS Customers

Published: 23/11/2024   Category: security




Daily operations at some 15,000 automotive dealers remain impacted as CDK works to restore its dealer management system, following what appears to be a ransomware attack last week.



The nationwide impact of a cyberattack on CDK Global last week has focused attention on the need for organizations to have robust contingency plans when they rely heavily on SaaS providers for critical business functions. The attack disrupted operations at some 15,000 automotive dealers around the country, forcing many to go back to using paper forms and manual processes for their daily operations. In forms filed with the Securities and Exchange Commission (SEC), some companies affected by the attack said CDK had informed them that it would need several days, but likely not weeks, to restore its systems. Companies that notified the SEC about being impacted by the CDK breach included Penske, Group 1 Automotive, and Lithia Motors.
CDK, which provides a suite of cloud software and services for the automotive retail industry, has not yet publicly disclosed the nature of the attack that crippled its systems. But some media outlets have attributed the attack to an Eastern European ransomware group called BlackSuit, which they describe as demanding millions of dollars in ransom from CDK to unlock the company's systems.
CDK did not immediately respond to a Dark Reading request seeking an update on the status of the company's systems restoration efforts and on whether it had been able to attribute the attack to the BlackSuit ransomware group.
Attacks like these underscore the critical need for organizations to extend their cybersecurity protections to their entire network of vendors and partners, says Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. For organizations in sectors heavily reliant on a limited number of software vendors or SaaS providers, mitigating exposure and containing disruptions via the software supply chain requires a multifaceted approach, he says. Firstly, diversifying vendor relationships where possible can distribute risk and reduce dependency on single providers.
Organizations that use SaaS services should implement formal risk management frameworks that include stringent security assessments and contractual obligations for cybersecurity standards, Steinhauer says. Collaborative initiatives within industry sectors to share threat intelligence and best practices can also help strengthen collective defenses against evolving cyber threats, he notes.
Mark Ostrowski, head of engineering at Check Point Software, says the broader takeaway from attacks like this is for organizations to assume their infrastructure is a target wherever the resources — applications, servers, and users — might reside.
It's a good idea to determine the service providers and vendors that are most crucial to your business and identify what their measures are for protecting against an attack, and for mitigating and responding to one, if needed.
Ostrowski advises that organizations keep on top of what's going on in the immediate aftermath of a disruptive cyberattack. For instance, following the attack on CDK, threat actors have been calling customers, apparently with information related to the breach, in what would seem to be phishing attempts.
There are lessons in CDK's apparent recovery struggles as well. Soon after the company began recovery efforts last week, it experienced a second attack, right in the midst of those efforts. CDK has not disclosed much about the second attack beyond saying it forced the company to shut down most systems and take them offline.
Pieter Arntz, malware analyst at Malwarebytes, perceives that as an indication of CDK attempting to restore its systems too quickly.
Many companies will set systems back to a restore from an earlier date, but attackers can afford to linger on a system for long periods of time, Arntz said in an emailed comment. Restoring systems from, say, a week ago is often not far enough.
The CDK attack also highlights the continued — and growing — exposure that organizations in all sectors face via the software supply chain. According to a study by Data Theorem, 91% of organizations have experienced some kind of security incident tied to their software suppliers and service providers over the past 12 months.
Attacks targeting major players like CDK reveal significant vulnerabilities in critical infrastructure sectors and key industries that rely heavily on software supply chains, Steinhauer says.
These incidents expose the potential for widespread disruption and economic impact when essential services and operations are compromised, he notes. They highlight the need for stringent regulatory oversight, enhanced cybersecurity standards, and proactive defense measures to safeguard against targeted attacks on software supply chain leaders.
Strengthening cybersecurity resilience through continuous assessment, response readiness, and collaborative risk management efforts is also critical to mitigating the growing threat posed by sophisticated cyber adversaries, he says.
