Bad Actors Have Struck

blueline
Moderator
Posts: 6086
Joined: Mon Sep 26, 2022 12:22 pm
Location: Middle Tennessee
Has thanked: 4435 times
Been thanked: 2411 times
I've been following this for the past few days but had no idea just how bad it was. Found out today that our dealer is affected along with 15,000 (or more) other dealers across the nation - mostly the big chains.

Referring to financials and the like: "Largest Auto Dealers Begin to Warn about Impact of Ransomware Attack Crippling Dealer Software Provider CDK"

https://wolfstreet.com/2024/06/24/large ... vider-cdk/

Today, Bloomberg reported, citing the security firm Recorded Future, that the attack had been undertaken by hacking group BlackSuit. “The cybercrime group has demanded an extortion fee in the tens of millions of dollars from CDK, which plans to make the payment,” Bloomberg said.


"There is still no information if the hackers were able to get the data of the effected dealerships’ customers, such as the data on applications for car loans."

The tech disasters get worse every day. If we're not yet totally screwed by runaway technology, we will be soon. There are no controls. No one knows what to do. Tip of the iceberg I'm afraid. Buckle up!!!
Tim
Current:
'26 911 Carrera S - PTS Verde British Racing Green
'24 Cayenne S - Algarve Blue Metallic
'21 718 Cayman GTS - Black
'22 911 Turbo S - Carmine Red
'21 718 Cayman GT4 - White
'11 GMC 1500 Quad Cab 4x4 - Black

Musik-Stadt Region

#1

Arne2
Posts: 415
Joined: Sat Sep 17, 2022 5:47 pm
Location: Western Oregon
Has thanked: 10 times
Been thanked: 218 times
blueline wrote: Mon Jun 24, 2024 4:18 pm The tech disasters get worse every day. If we're not yet totally screwed by runaway technology, we will be soon. There are no controls. No one knows what to do. Tip of the iceberg I'm afraid. Buckle up!!!
The problem is, most of these ransom attacks are not the fault of the technology. Most are due to human failure—either a failure to spot a phishing attempt, or not following proper security processes. It's not all that easy to gain system access without having someone on the inside let them in (not intentionally, of course).
- Arne

Current Porsche - 2018 718 Cayman 2.0 litre
Past Porsches:
  • 1972 911T coupe, silver
  • 1984 911 Carrera 3.2 coupe, Chiffon White
  • 1973 914 2.0, Saturn Yellow
  • 1984 944, silver

#2

blueline
Moderator
Posts: 6086
Joined: Mon Sep 26, 2022 12:22 pm
Location: Middle Tennessee
Has thanked: 4435 times
Been thanked: 2411 times
Arne2 wrote: Mon Jun 24, 2024 5:15 pm
blueline wrote: Mon Jun 24, 2024 4:18 pm The tech disasters get worse every day. If we're not yet totally screwed by runaway technology, we will be soon. There are no controls. No one knows what to do. Tip of the iceberg I'm afraid. Buckle up!!!
The problem is, most of these ransom attacks are not the fault of the technology. Most are due to human failure—either a failure to spot a phishing attempt, or not following proper security processes. It's not all that easy to gain system access without having someone on the inside let them in (not intentionally, of course).
Yes, and that is exactly the problem. Unfortunately, the technology allows it to happen. It won't function to its potential otherwise. The human failures, weaknesses, and bad intent - especially at the corporate level - have been front and center for a long time and yet the defenses still get breached.

On a certain level the technology doesn't care who does what. By design (so that things get done with a measure of efficiency), current tech makes it way too easy to let the bad actors in, whether from bad or sloppy employees, excessive vendor access, or from those with malicious intent (especially from nation-state level players), etc.

And AI is a double edged sword. It will make security better while at the same time facilitating the bad players' abilities to penetrate more easily. The game will never end. It's a matter of who can remain on top and what resources will be committed to the fight.

Some of the warnings coming from the best security firms and consultants are sobering no matter where the at-fault blame lies.
Tim
Current:
'26 911 Carrera S - PTS Verde British Racing Green
'24 Cayenne S - Algarve Blue Metallic
'21 718 Cayman GTS - Black
'22 911 Turbo S - Carmine Red
'21 718 Cayman GT4 - White
'11 GMC 1500 Quad Cab 4x4 - Black

Musik-Stadt Region

#3

Arne2
Posts: 415
Joined: Sat Sep 17, 2022 5:47 pm
Location: Western Oregon
Has thanked: 10 times
Been thanked: 218 times
I was an email administrator for the final 10 years prior to my retirement. My system provided email to about a dozen small K-12 school districts in my county. I found that despite their intelligence, education and dedication to their jobs, educators are also either terribly gullible, or simply unable to grasp basic security protocols regardless of how often they were reminded that the IT people will NEVER ask for their email password. Successful phishing attempts were so common that I had a sign inside my office (not publicly accessible) similar to those that you see at the gates to industrial sites:

{Insert today's number} days since our last compromised email account.

It was wearying to deal with. Generally, one or more teachers would get one of the standard "we're updating the email system, please send your email address and password" phishing messages, give away their credentials, and within hours our server's IP address would be blacklisted by all sorts of other service providers. I'd spend hours or days cleaning up the mess, and within a few days it would happen again. So I totally understand that humans are the weak link, while also accepting that there's nothing we can do to keep the human factor under control. Sadly.
- Arne

Current Porsche - 2018 718 Cayman 2.0 litre
Past Porsches:
  • 1972 911T coupe, silver
  • 1984 911 Carrera 3.2 coupe, Chiffon White
  • 1973 914 2.0, Saturn Yellow
  • 1984 944, silver

#4

blueline
Moderator
Posts: 6086
Joined: Mon Sep 26, 2022 12:22 pm
Location: Middle Tennessee
Has thanked: 4435 times
Been thanked: 2411 times
That must have been excruciatingly frustrating for you. Talk about having to sound like a broken record every day knowing that some will still not be listening.

And again, you're 100% correct. I have no doubt that the cause of this latest breach is from a similar type scenario and it is indeed sad. I certainly don't know what the answers are.
Tim
Current:
'26 911 Carrera S - PTS Verde British Racing Green
'24 Cayenne S - Algarve Blue Metallic
'21 718 Cayman GTS - Black
'22 911 Turbo S - Carmine Red
'21 718 Cayman GT4 - White
'11 GMC 1500 Quad Cab 4x4 - Black

Musik-Stadt Region

#5

P_Coastal
Moderator
Posts: 925
Joined: Sun Jun 05, 2022 8:38 pm
Location: Ontario, Canada
Has thanked: 1044 times
Been thanked: 616 times
I had a cybersecurity component to my previous job as well.
It is a very challenging space.
From C Suite investment approvals all the way down to users, unless people do the right thing instead of the minimum requirement, bad things happen. It gives me chest pains :(
2023 Porsche 718 Cayman in Chalk
Thread:viewtopic.php?p=7560#p7560

#6

dr bob
Moderator
Posts: 621
Joined: Thu Jul 08, 2021 9:30 pm
Location: Central Oregon
Has thanked: 248 times
Been thanked: 245 times
Last 30+ years in power plant automation. Part of that has been security, with active NERC/FERC involvement in writing and supporting security standards. Despite all the work, a phone call to a plant site would find that a jumper was in place so a tech could work on/remote diagnose issues from home via a public network. Perhaps the biggest offenders were corp IT folks who insisted that the internal control system systems pieces 'belonged to them', so they needed to be able to see everything from the corp side. In spite of the isolation and very strict interconnect standards like waterfall routing through non-addressable link modules. They would ping a running controller and trip the plant, in spite of very specific instructions not to connect and not to ping. Losses in the $millions per hour all in. That's the stuff the friendlies brought. Imagine the fun with actual hostiles.

No matter how foolproof you make it, there will be bigger and better 'fools' trying to un-make it.
dr bob

1989 928 S4, black with cashmere/black inside
SoCal 928 Group Cofounder
928 Owner's Club Charter Member
Former Ex Bend Yacht Club Commodore Emeritus

Free Advice and Commentary. Use At Your Own Risk!

#7

blueline
Moderator
Posts: 6086
Joined: Mon Sep 26, 2022 12:22 pm
Location: Middle Tennessee
Has thanked: 4435 times
Been thanked: 2411 times
I talked to someone at our dealer yesterday and the CDK ransomware shutdown has definitely created relatively severe hardships and stress for everyone there. For example, they cannot input service or sales records nor access old ones. Virtually every aspect of the dealership has been impacted. The real work will come once the systems are restored and all of the hand-written ROs and other docs have to be manually entered to get their data up to date.

I hope they catch the perp (or perps) who opened the backdoor to CDK internals. Those higher up need to be held fully accountable too, even more so than the responsible person(s), assuming it was not done intentionally. Pure speculation on my part, but I'd bet that bad or non-existent internal policies and/or lack of enforcement will be exposed. Time will tell. Hopefully the truth will be made public - we need to know so as to better prepare going forward.

Meanwhile, more warnings. This small but illustrative bit from WSJ a few days ago is another warning, one of many. Everyone needs to up their security protocol game as much as possible.

"AI Is Helping Scammers Outsmart You—and Your Bank - Your ‘spidey sense’ is no match for the new wave of scammers."


https://www.wsj.com/tech/cybersecurity/ ... _permalink
Tim
Current:
'26 911 Carrera S - PTS Verde British Racing Green
'24 Cayenne S - Algarve Blue Metallic
'21 718 Cayman GTS - Black
'22 911 Turbo S - Carmine Red
'21 718 Cayman GT4 - White
'11 GMC 1500 Quad Cab 4x4 - Black

Musik-Stadt Region

#8

blueline
Moderator
Posts: 6086
Joined: Mon Sep 26, 2022 12:22 pm
Location: Middle Tennessee
Has thanked: 4435 times
Been thanked: 2411 times
A few updates from The Drive -

"Car Dealers’ Systems Won’t Be Back Online Until July, CDK Says. Worse yet, scammers are calling dealers posing as CDK employees, wreaking even more havoc."


https://www.thedrive.com/news/car-deale ... y-cdk-says


"...sent auto retailers back to the Stone Age, having to close deals and log service orders with pen and paper. Now, CDK is saying that it won’t be fixed anytime soon."
Tim
Current:
'26 911 Carrera S - PTS Verde British Racing Green
'24 Cayenne S - Algarve Blue Metallic
'21 718 Cayman GTS - Black
'22 911 Turbo S - Carmine Red
'21 718 Cayman GT4 - White
'11 GMC 1500 Quad Cab 4x4 - Black

Musik-Stadt Region

#9
