Cyberattacks are so common these days that it’s hard to care when you hear about another one if it doesn’t impact you directly, but the massive attack on dealerships this week is a huge deal as it could cripple thousands of dealerships on one of the biggest selling weekends of the year. And that’s to say nothing of the data concerns.
As if things weren’t already a bummer, a supplier that’s supposed to help Ford ship its NACS adapters to Mach-E and F-150 Lightning owners has hit a snag and it’s slowing everything down. That’s not as big of an issue for hybrid owners, who don’t have to plug in, and new projections show that there will be more and more of them going forward.
And finally, the R35 GT-R will soon be no more, but at least we have the memories.
We Don’t Really Know How Bad The CDK Global Cyberattack Is Going To Get
Last Friday, giant dealer back-end services company CDK Global put out a blog post underlining how important the start of the summer is to the roughly 15,000 dealers it serves.
Whether you consider summer starting on Memorial Day, the last day of school, or the official start on June 20, it starts at dealerships much sooner. Millions of families are planning their vacations, and according to experts at The Vacationer, nearly 80% of people say they’re planning a road trip this summer. Memorial Day road travel was the busiest in 20 years according to AAA.
For dealers, this presents increased opportunities for vehicle sales, service and, of course, revenue.
The issue for dealers who use CDK Global’s dealership management system (DMS) tools is that they might not be able to do sales or service right now. As previously reported, CDK Global shut down all its services on Wednesday due to a “cyber incident.” This meant that dealers, depending on how many of CDK Global’s services they use, were restricted from using any digital tools to sell cars, track sales, schedule service, and possibly even answer the phone.
CDK Global said the issue was handled quickly, but then said a second attack forced them to shut down on Wednesday night and many of their systems have been down ever since.
According to Automotive News, this is likely to continue through the weekend at least:
CDK’s shutdown threatens to disrupt thousands of new-vehicle transactions taking place each day across the North American auto retail segment right in the heart of summer sales promotions and the industry’s intense push to avoid inventory buildups on dealer lots. Moreover, the cyberattack has raised alarms about security in the DMS business after other cyberattacks have disrupted operations at casinos, financial institutions and hospitals.
Dealers are finding creative ways around this, including relying on automakers for additional help closing deals and doing everything using paper.
Why is this such a big deal? First, it’s an issue of scale. Last year the industry was worth about $1.2 trillion to the U.S. economy and this is one of the busiest weekends of the year. Almost 2 million people work for auto dealers in the United States and this is hitting about half of dealerships (plus probably more truck dealers). If hourly employees can’t work or get paid that’s going to have an impact on their lives and the economy at large, depending on how long this lasts.
Second, and scarier, is that CDK Global hasn’t, so far as I’ve seen, fully explained the scope of the attack. A car dealer generally needs a huge amount of data in order to sell a car, especially for financing a car. How much of that data is at risk?
The unknowns in this story are as scary as the knowns right now.
If You Haven’t Gotten A Ford/NACS Adapter You Might Have To Wait A Bit Longer
When Ford announced it was switching over to the Tesla/NACS charging standard it created a stampede of automakers saying they’d do the same. Earlier this year Ford started rolling out an adaptor to make its existing vehicles work on Tesla superchargers, but that’s now hit a snag.
“The supply is constrained,” said Ford spokesman Marty Gunsberg. “Sales are up and customers continue to reserve their complimentary adapter. We keep getting reservations.”
Ford customers waiting for their adapter have received emails saying shipment dates are delayed.
This is not an issue of Ford underestimating demand, Gunsberg said. “We’re not overwhelmed. This is what we anticipated. While we’re shipping weekly, reservations continue to come in.”
Ford isn’t saying which supplier is slowing them down.
How Many Hybrids And EVs Will There Be In 2030?
S&P Global Mobility has revised its forecast for the powertrain mix in the United States and, yup, there are projected to be a bunch of hybrids in our future. Looking at that chart above you can see EVs continuing to grow, with mild/full hybrids filling up a lot of space, as well as more range-extended EVs.
As we edge closer to 2030, BEVs and hybrids are likely to steer the future of transportation in North America. Despite more rapid electrification in other regions, North America’s production trails slightly, at just between 9% and 10% for BEVs and fuel cell vehicles. However, projections suggest a significant leap, with 44% of vehicles forecasted to be BEVs or fuel cell models by the decade’s end.
Bring back the i3? Clearly, BMW should bring back the i3.
Remembering The R35 Nissan GT-R
The R35 Nissan GT-R is no more after this year, which is sad, though the car has been on sale almost the entire time I’ve been in this biz so maybe it’s the car’s time (but not mine).
Nissan reached out to a bunch of auto journalists to remember Godzilla, including MotorWeek‘s John Davis and MotorTrend‘s Frank Markus. You can read all the remembrances here. Here’s mine:
I debuted in the automotive world in 2007, right around the same time as the Nissan GT-R, though the R35 did it to far more fanfare and acclaim. It’s almost impossible to convey in words how much the R35 dominated the attention of car fans back in the early blog era. It wasn’t a car, it was the car. If we were having a slow news day, we always knew that publishing anything with a GT-R in it was a guaranteed hit.
How could it not be? The GT-R had concept car looks, stats to rival the best supercars of the day and was initially offered at a surprisingly achievable price. In spite of writing about it from the beginning, I didn’t get a chance to put real miles on one until years later. Somehow, after years of hype, the R35 Nissan GT-R managed to exceed my impossibly lofty expectations.
So long, GT-R! I can’t wait to meet the next one.
What I’m Listening To While Writing TMD
Today was going to be Janis Joplin doing “Summertime” but I’ll save that for next week, because this is what I’m actually listening to today. Bonus points if you can name the singer here.
The Big Question
When was the last time you had an interaction with a dealership? If you work for a dealer, what are the vibes?
Top photo: CDK Global
I m working at adealership in downtown Los Angeles, parts department
First day was awfull, all at standstills and we just did organizing and try to figure out how to keep going. Second day, we got a little better. created invoice from Excel, figure how to create order, good old pen and paper for service, and having service giving a copy of the work.
so, we quickly where able to figure out things to keep business up, and find workaround and solutions. The company I work with was also at HQ trying to get solutions for sales and finance to proceed deal, and keep track of inventory.
not business as usual, but we keep on going, even if things are slowed.
When was the last time you had an interaction with a dealership? Last one I recall was bringing in a car for recall work. Upon pickup I was asked if I would like a free estimate for a trade in. Sure, why not.
The estimate was a laughable lowball of about half what similar cars were going for on CL. When I mentioned that to the estimator he shrugged and agreed but made no move to adjust the offer.
I bought my Mitsubishi in 2018. I knew the model I wanted, and after a test drive I knew which trim I wanted. I had brought my dad (a former car salesman) with me because the dealership was not far from his home.
Once the model & trim were determined, the salesman got out a blank piece of paper with squares on it. My dad said, “You are not seriously dragging out the foursquare in 2018”. The guy chuckled and basically said “We still use it because it still works for us”.
The financing & paperwork process took an unbearable amount of time, but ultimately I stuck with everything because they were giving me a fair deal. In terms of cars that I have bought in my life, the quickest dealers to get me out the door were Saturn & Fiat, and even those took about an hour.
I also used TrueCar once, and that saved me a ton of time. I had the price ahead of time, and the dealer honored it. And the transaction was handled by the internet sales department rather than the showroom vultures, so there was no upselling and I was done in about an hour.
Hope Sandoval, great album, haven’t heard it in ages. The last dealership (Honda) experience for sales was great as was service at a different dealer. Total time from walking in to done, was about 2 hrs over two days, including test drive. I knew what I wanted and had narrowed the field to Camry, Accord and Malibu or Impala. The chev dealer FAFO’d doing the manager approval shtick and I walked out on him (he called me every day for the next 2 weeks, I reminded him that I told him no games, this is what want and what I’m willing to pay). The Camry didn’t fit in spite of the sales unit raking my seat back about 40 degrees so my head cleared the roof.
On the cyberattacks, 3 likely candidates, Russia, China or North Korea. Load up the sanctions cannon and fire for effect at all three just because.
EV are dead to me. Hybrid and phev don’t have the range I need. The Honda shall soldier on until the market matures. Haven’t convinced the wife that we should wait a few more years to replace the Subaru but I’ll likely lose that debate.
How does a hybrid not have the range you need? There are hybrids that probably have more range than any vehicle other than a Kenworth.
If I have to go to the office it’s 50 miles each way which is outside of most hybrid battery packs range. PHEV is pretty much the same and there is no local charging at the office. I refuse to pay the premium vendors are charging for hybrid or phev as the payback is greater than 10 years on the delta between a IC, hybrid or phev at current fuel prices. I looked hard at the Volt when it was new and in the second generation but the value proposition just wasn’t there. Long distance trips are even worse.
You do realize there is no “range” specifically for a non-plug-in hybrid’s battery? It’s just improved fuel economy and a different powertrain but still an ICE-powered car. They don’t drive on electric power only for significant periods of time. A Highlander hybrid can crest 600 miles of range on a tank even if EV only mode can only go maybe a mile but it’s not supposed to be used often like that.
I am quite aware of that limitation and am not willing to pay a premium for something that does not work in my situation. As I stated, the premium charged for the limited utility is not worth the investment. My Honda gets quite good fuel economy and I fit in it. Most of the hybrids are that I am able to fit in are suv or cuv which I detest. Once this technology matures I will probably take the step, but the market currently does not provide a vehicle suitable for my requiirments. I am not interested in early adoption, virtue signaling, or trend chasing what is effectively an appliance. For the price delta I can purchase a nice classic toy.
I compare all of my experiences to when I worked for the local Ford dealer and every person who came in to buy a car seemed like they were in the place for 4-6 hours, honestly I have no idea why selling a car took so freaking long there. Some folks were not pleased about it. Selling a car close to closing was a death knell, you weren’t leaving until 10-11PM.
I have an acquaintance at the VW dealer service desk so its always great there, plus when we got the GLI there it was smooth, no BS. When we got the Audi Q3 that dealer was also no shenanigans as it was during the pandemic, I did virtually all of the sale through text and email and just went and signed a few things a drove off in about 15-20 minutes. When we got the Audi A3 at the local Audi dealer they were also a no BS place and didn’t try to upsell and crap and was a quick experience.
The first and only time I bought a car was in 2005 (I still use the vehicle as my daily driver…and for road trips…and to haul things I should not be hauling in a coupe…and for everything else).
It was custom ordered through e-mail: 5 minutes total on my end to send specs, get a quote, and say “Yes, I accept” (three e-mails). 1 minute in the dealership to drop off the deposit check. 5 minutes to sign some paperwork, grab my keys, hop into my car, and drive off.
I will never buy a [new] car in any other way.
I had a pleasant interaction at a Honda dealer a couple of months ago, but I told him I was just looking and specifically it was about looking how I fit in the Civic because I was looking into the Civic Hybrid which wasn’t yet out. Sales person was very accommodating. Not sure how the actual dealing would turn out, because we’re not there yet, but it was low key and he answered questions well. Including saying I don’t know to a question we didn’t have an answer to at that point. I had an unpleasant experience with a Kia dealership in early 2023. But apparently that’s to be expected.
My memory of the R35 GT-R is not about driving one, I’ve never had the opportunity. Instead it’s that of a kid “living the dream.” I’m watching this red GT-R move very slowly through a parking lot piloted by a kid who looked like he was barely of legal driving age. In the front passenger seat is an man older than the driver, I presume to be a parental figure. Kid looked absolutely terrified he was gonna do something to damage the car. It was at this point I realized he had the look I would have had if my dad had allowed me to drive his Corvette when I was a kid.
I had a pleasant interaction at a Honda dealer a couple of months ago, but I told him I was just looking and specifically it was about looking how I fit in the Civic because I was looking into the Civic Hybrid which wasn’t yet out. Sales person was very accommodating. Not sure how the actual dealing would turn out, because we’re not there yet, but it was low key and he answered questions well. Including saying I don’t know to a question we didn’t have an answer to at that point. I had an unpleasant experience with a Kia dealership in early 2023. But apparently that’s to be expected.
My memory of the R35 GT-R is not about driving one, I’ve never had the opportunity. Instead it’s that of a kid “living the dream.” I’m watching this red GT-R move very slowly through a parking lot piloted by a kid who looked like he was barely of legal driving age. In the front passenger seat is an man older than the driver, I presume to be a parental figure. Kid looked absolutely terrified he was gonna do something to damage the car. It was at this point I realized he had the look I would have had if my dad had allowed me to drive his Corvette when I was a kid.
Decided it was time to trade my old vehicle in on a new one. Much research later, I tried to work with the closest dealership. They spent a lot of time talking while I was trying to decide what I liked and what I’d learn to live with, and what was a dealbreaker. Turns out they had one model on the lot of what I wanted and it was hideous – matte grey finish that looked like primer.
They would not back off MSRP, would not disclose current finance APR deals, and were talking about additional significant fees for a local dealer trade. The dealership’s air conditioning was out, the lot was a disaster due to construction, the building was a dump. I finally told them, hey, I need to leave folks. Three hours wasted, most of it waiting around. They were definitely affected by this cyber event as well.
I contacted another nearby dealer at 10pm on Wednesday. I figured they’ll get to me in the morning. Told them exactly what I wanted, gave them a stock number and told them I’m ready to buy on the right deal.
Instead, the salesperson responded immediately, asked a few questions, set up a lunch appointment and said he’d have the car ready to drive for a test on arrival.
The next day (Thursday), a couple hours ahead of my appointment, he called me to apologize, because the car I specified had sold. He asked if I would consider another color with the exact same equipment. As long as it isn’t matte gray, I told him.
I arrived and he walked me to car that literally had just rolled off the truck. Wheel still clad in plastic covers. Entire thing was wrapped up! He made good on his promise – same equipment, and pearlescent white.
We drove an identical model (different color) and he let me evaluate and ask questions. We walked in the office, and when he said let’s talk numbers, I showed him my notes, and circled two numbers – dollar value of my trade and the amount to finance (including fees, taxes, and after trade value and rebates/cash back deals). This was below MSRP, but still in a fair range per research.
I told him, if you get a yes, you got a deal. If not, I have another appointment with another dealer tomorrow and will present the same to them.
He returned with a yes within 2 minutes. I picked the car up last night, neat as a pin, and while I was signing the paperwork, all of my belongings and tag, were transferred over. He handled setup of the telematics and remote access. And they were not affected by this cyber event.
TL;DR version – it helps to be a prepared serious buyer, but this dealer was incredibly pleasant to work with. And they have a hella good service department.
Congrats on the new whip!
It sucks so many dealer over complicate what should be a simple transaction. Agree to a fair price, no “gotchas”, let me pay however I want to pay, provide a basic level of service.
But to your point, most customers are not well prepared. It either leads to them getting ripped off, or being completely unreasonable. People have no idea what a good price is, never mind what a “fair price” is.
I remember selling cars with relatively low markup compared to say a domestic pickup truck, and you’d get someone coming in going “well they advertise $10k off at the Chevy dealer, how come your discount is so low”. Our sticker price was maybe $2k over invoice. Those discounts are for more expensive vehicles. Sometimes you just had to stop wasting your time. You could offer them the deal of the century and they wouldn’t buy it. It was best to just sweep em out and let them go try and get $10k off somewhere else.
Decided it was time to trade my old vehicle in on a new one. Much research later, I tried to work with the closest dealership. They spent a lot of time talking while I was trying to decide what I liked and what I’d learn to live with, and what was a dealbreaker. Turns out they had one model on the lot of what I wanted and it was hideous – matte grey finish that looked like primer.
They would not back off MSRP, would not disclose current finance APR deals, and were talking about additional significant fees for a local dealer trade. The dealership’s air conditioning was out, the lot was a disaster due to construction, the building was a dump. I finally told them, hey, I need to leave folks. Three hours wasted, most of it waiting around. They were definitely affected by this cyber event as well.
I contacted another nearby dealer at 10pm on Wednesday. I figured they’ll get to me in the morning. Told them exactly what I wanted, gave them a stock number and told them I’m ready to buy on the right deal.
Instead, the salesperson responded immediately, asked a few questions, set up a lunch appointment and said he’d have the car ready to drive for a test on arrival.
The next day (Thursday), a couple hours ahead of my appointment, he called me to apologize, because the car I specified had sold. He asked if I would consider another color with the exact same equipment. As long as it isn’t matte gray, I told him.
I arrived and he walked me to car that literally had just rolled off the truck. Wheel still clad in plastic covers. Entire thing was wrapped up! He made good on his promise – same equipment, and pearlescent white.
We drove an identical model (different color) and he let me evaluate and ask questions. We walked in the office, and when he said let’s talk numbers, I showed him my notes, and circled two numbers – dollar value of my trade and the amount to finance (including fees, taxes, and after trade value and rebates/cash back deals). This was below MSRP, but still in a fair range per research.
I told him, if you get a yes, you got a deal. If not, I have another appointment with another dealer tomorrow and will present the same to them.
He returned with a yes within 2 minutes. I picked the car up last night, neat as a pin, and while I was signing the paperwork, all of my belongings and tag, were transferred over. He handled setup of the telematics and remote access. And they were not affected by this cyber event.
TL;DR version – it helps to be a prepared serious buyer, but this dealer was incredibly pleasant to work with. And they have a hella good service department.
Congrats on the new whip!
It sucks so many dealer over complicate what should be a simple transaction. Agree to a fair price, no “gotchas”, let me pay however I want to pay, provide a basic level of service.
But to your point, most customers are not well prepared. It either leads to them getting ripped off, or being completely unreasonable. People have no idea what a good price is, never mind what a “fair price” is.
I remember selling cars with relatively low markup compared to say a domestic pickup truck, and you’d get someone coming in going “well they advertise $10k off at the Chevy dealer, how come your discount is so low”. Our sticker price was maybe $2k over invoice. Those discounts are for more expensive vehicles. Sometimes you just had to stop wasting your time. You could offer them the deal of the century and they wouldn’t buy it. It was best to just sweep em out and let them go try and get $10k off somewhere else.
“How Many Hybris And EVs Will There Be In 2030?”
I’m guessing there’s gonna be some overlap between a ‘PHEV’ and a ‘REEV’
“When was the last time you had an interaction with a dealership? ”
I had one about a week ago to test drive a used Prius Prime… it was fine.
“How Many Hybris And EVs Will There Be In 2030?”
I’m guessing there’s gonna be some overlap between a ‘PHEV’ and a ‘REEV’
“When was the last time you had an interaction with a dealership? ”
I had one about a week ago to test drive a used Prius Prime… it was fine.
I have a 2000 Windstar that I was dailying until it decided it was stolen and shut off won’t start again (cranks, no start). Did all the troubleshooting I could with no solution, had a mobile mechanic look at it and he did the same things I had done and didn’t have a solution. Contacted the local Ford dealer to arrange for diagnostic. They never replied. I have however gotten onto their mailing list for “sales”. I’ll never set foot in there again.
Is the key icon on the dash blinking or solid? My 1999 Explorer recently had an incident with the Passive Anti-Theft System (PATS). It would blink and crank but not start, and all the normal troubleshooting couldn’t give me a definitive answer. I downloaded Forscan and bought a USB-to-OBD cable and was able to scan the PATS module to find that the key halo (the sensor around the ignition switch that scans the chip in the key) wasn’t responding. Luckily, it ended up being a low battery voltage issue (alternator died), and once I replaced the battery and alternator the key halo initialized properly all was good, but the key halo is a very common part to fail and cause the crank/no start condition on Fords of that generation.
Blinking light with code for theft. Forscan was not able to communicate with the PCM. Troubleshooting showed voltage to the PCM so the steps indicate replace PCM. I tried one from the junkyard, and a reprogrammed one from FlagshipOne. Still no communication.
I have a 2000 Windstar that I was dailying until it decided it was stolen and shut off won’t start again (cranks, no start). Did all the troubleshooting I could with no solution, had a mobile mechanic look at it and he did the same things I had done and didn’t have a solution. Contacted the local Ford dealer to arrange for diagnostic. They never replied. I have however gotten onto their mailing list for “sales”. I’ll never set foot in there again.
Is the key icon on the dash blinking or solid? My 1999 Explorer recently had an incident with the Passive Anti-Theft System (PATS). It would blink and crank but not start, and all the normal troubleshooting couldn’t give me a definitive answer. I downloaded Forscan and bought a USB-to-OBD cable and was able to scan the PATS module to find that the key halo (the sensor around the ignition switch that scans the chip in the key) wasn’t responding. Luckily, it ended up being a low battery voltage issue (alternator died), and once I replaced the battery and alternator the key halo initialized properly all was good, but the key halo is a very common part to fail and cause the crank/no start condition on Fords of that generation.
I was at my Subaru dealership last weekend for oil change/tire rotation. My purchasing experience was relatively painless and the service dept. is always friendly and pretty quick. I’d buy again from them, but I don’t want another Subaru!
I was at my Subaru dealership last weekend for oil change/tire rotation. My purchasing experience was relatively painless and the service dept. is always friendly and pretty quick. I’d buy again from them, but I don’t want another Subaru!
The last time I went to a dealer was when the MAF sensor failed on my Mazda. I read out the codes and knew exactly what the problem was. I would have fixed it myself, but none of the local parts places actually stocked the Mazda sensor.
The dealership naturally wanted nothing to do with quickly swapping out a MAF sensor without doing their own eval, and couldn’t take my car for two weeks. I’m sure everyone knows how joyful it is to drive a modern car with a bad MAF sensor…and yet, that wasn’t urgent enough for them. Drove my wife’s car for a while, and when the appointment was up, I told them their inability to schedule a quick appointment for an un-driveable car guaranteed that I’d never be back.
That was 6 years ago. 4 years ago I bought a Tesla… and really kinda like the dealership-free experience.
The last time I went to a dealer was when the MAF sensor failed on my Mazda. I read out the codes and knew exactly what the problem was. I would have fixed it myself, but none of the local parts places actually stocked the Mazda sensor.
The dealership naturally wanted nothing to do with quickly swapping out a MAF sensor without doing their own eval, and couldn’t take my car for two weeks. I’m sure everyone knows how joyful it is to drive a modern car with a bad MAF sensor…and yet, that wasn’t urgent enough for them. Drove my wife’s car for a while, and when the appointment was up, I told them their inability to schedule a quick appointment for an un-driveable car guaranteed that I’d never be back.
That was 6 years ago. 4 years ago I bought a Tesla… and really kinda like the dealership-free experience.
Ransomware. It’s not an attack, it’s an extortion. As is usually the case, the PR people are desperately endeavoring to obfuscate this by calling it a cyber attack. This was a hack. The hackers have likely been in their systems for awhile and installed redundant back-doors. The ‘attack’ was merely the next step when the hackers started encrypting files and CDK went ‘Oh Shit!’
Typically these situations end up with a payment to the hackers. However, if this is a nation-state hack, there might be additional motives at play. Whatever the case, it seems the hackers currently have the upper hand and this is nowhere nearing conclusion.
Not necessarily. They may have detected the presence of hackers on their networks before they were able to do anything. That itself is enough to cause a halt to business so they can find out what was accessible. Bad guys are usually there observing for months before anything happens.
Notice is highly regulated. If there’s any overlap in the EU, CDK needs to be understanding what was accessed and readying something for customers that might be impacted. If not… then yeah, we may see some spin in the next couple days.
It isn’t recommended to pay ransomware – and becoming much less typical as a result. Largely because it doesn’t guarantee that the data will be returned. Companies that do pay only get their data back about half the time. When they do get it back, they’re on the short list to infect again. Restoring backups is the best defense (assuming they have them).
(We’re not far from assuming they’re all nation state attacks at this point)
If it’s not DDoS, it’s ransomware. And in this case, we know it’s not DDoS. I’m sorry, but zero chance they proactively shut down their systems because they detected a hacker. There have been ‘incidents’, not ‘detections.’ They never would have made an announcement of just a detection either. They are almost positively cycling through backups to find something before the intrusion while still retaining current data. My guess is that their data is probably clustered with some cloud service so that they will be able to partition off the current data and recover completely. However, they may first have to build out new hardware if the hackers got deep enough.
Notice may be highly regulated, but I suspect not everyone always follows the rules to the letter. History supports this suspicion.
Yeah, it’s pure speculation, but I am obviously concerned it’s ransomware.
Pure speculation is kind of my thing. I find it often entices vigorous debate. And I usually learn so much because there are just so many smart people on sites like this. I hope you don’t mind it.
Plus it’s fun if done well.
I mean, I was correct.
The thing is, while I readily acknowledge it was speculation, the reason I was so certain about it is that the circumstantial evidence really left no other sensible conclusion. In my mind, it simply could not have be anything but. What it seems I was/am incorrect about is the availability of viable backups which is both sad and frustrating. I hate ransomware operators so much that I have advocated (only half-jokingly) for years for literally any measures to take them out, up to and including drone strikes. I’m normally far less extreme, but when it comes to these fuckers, I get radical.
It likely would have eventually turned into ransomware, but it’s absolutely not guaranteed to be there yet. I’d highly doubt DDoS. Could be espionage too.
Many years working in cybersecurity for a managed security provider tells me that businesses shut down all the time when activity is detected. The entire industry is about finding the bad guys before they can carry out their plan. So the chances of this happening are WAY bigger than 0%. I know of a group of SOC guys that are stopping stuff daily. When detected, you still have to lock down and figure out what they had access too. The “plan” might not have been carried out, but they’re still exfill’ing data for the 90 or so days they sit on the network determining what’s valuable.
It’ll be very interesting to see what they do say when they disclose more.
“The hackers have likely been in their systems for awhile”
Not necessarily.
It could be something like an employee with too much network access clicking on a malicious email attachment that double and triple zips and encrypts network drive data and then you have to call the criminals to get the decryption key.
The ‘hackers’ don’t actually need to be in the network to pull that off. All it requires is sending an email combined with end-user stupidity.
Most likely what they are doing now is restoring data from backups… or restoring data from offline backups if it was really bad.
The average time hackers are on a network before doing something is around 90 days. I saw cases where hackers were on a network for over 200 days. If they got lucky and caught them right away, yeah. Could be quick. If it’s an organized group, companies have to assume they’ve been there for months.
Also time on the network would depend on what their intent was, ransomware vs taking over a system etc.
You don’t know if this is true and you’re only adding to the rumors. It could be true but we’ll all have to wait it out.
I am 100% talking out of my ass. However, it always seems that when a mission critical system is taken off line these days it’s because of ransomware. And they’ve usually been there for some time. That’s all.
Dolsh obviously knows this stuff way, way better than I, but again, with financial service systems like this serving high value clients, taking down a system is always a last resort. Too much money is at play so the pressure to stay up is immense.
These days, the nation-state types can conduct surveillance on the network for a bit, which usually means they can move downstream (IE, customers who use their software, roughly analogous to what happened with the Kaseya breach). And there’s lots of opportunities for monetization, which include:
All that said, while state actors can launch pretty long-term, high-implication attacks (like Colonial or Kaseya), stuff like the Maersk outage (which, depending on how you want to do your accounting, is the most expensive or somewhere among the three most expensive cyberattacks ever conducted) is the product of simply downloading a single instance of bad software. (Maersk becomes more collateral damage than intended target, and while the software may have been state-crafted – an unholy synergy of exploit data leaked by Snowden adn exploited by Russian cyberterrorists – Maersk was never a target).
Add plain old espionage to that list… or even a white hat hacker trying to prove something.
If I had my tin foil hat ready, I’d wonder if it was related to the recent tariffs. But that’s highly unlikely…as you said, those are long term actions and I doubt they’d be found already.
Ransomware. It’s not an attack, it’s an extortion. As is usually the case, the PR people are desperately endeavoring to obfuscate this by calling it a cyber attack. This was a hack. The hackers have likely been in their systems for awhile and installed redundant back-doors. The ‘attack’ was merely the next step when the hackers started encrypting files and CDK went ‘Oh Shit!’
Typically these situations end up with a payment to the hackers. However, if this is a nation-state hack, there might be additional motives at play. Whatever the case, it seems the hackers currently have the upper hand and this is nowhere nearing conclusion.
Not necessarily. They may have detected the presence of hackers on their networks before they were able to do anything. That itself is enough to cause a halt to business so they can find out what was accessible. Bad guys are usually there observing for months before anything happens.
Notice is highly regulated. If there’s any overlap in the EU, CDK needs to be understanding what was accessed and readying something for customers that might be impacted. If not… then yeah, we may see some spin in the next couple days.
It isn’t recommended to pay ransomware – and becoming much less typical as a result. Largely because it doesn’t guarantee that the data will be returned. Companies that do pay only get their data back about half the time. When they do get it back, they’re on the short list to infect again. Restoring backups is the best defense (assuming they have them).
(We’re not far from assuming they’re all nation state attacks at this point)
If it’s not DDoS, it’s ransomware. And in this case, we know it’s not DDoS. I’m sorry, but zero chance they proactively shut down their systems because they detected a hacker. There have been ‘incidents’, not ‘detections.’ They never would have made an announcement of just a detection either. They are almost positively cycling through backups to find something before the intrusion while still retaining current data. My guess is that their data is probably clustered with some cloud service so that they will be able to partition off the current data and recover completely. However, they may first have to build out new hardware if the hackers got deep enough.
Notice may be highly regulated, but I suspect not everyone always follows the rules to the letter. History supports this suspicion.
Yeah, it’s pure speculation, but I am obviously concerned it’s ransomware.
“The hackers have likely been in their systems for awhile”
Not necessarily.
It could be something like an employee with too much network access clicking on a malicious email attachment that double and triple zips and encrypts network drive data and then you have to call the criminals to get the decryption key.
The ‘hackers’ don’t actually need to be in the network to pull that off. All it requires is sending an email combined with end-user stupidity.
Most likely what they are doing now is restoring data from backups… or restoring data from offline backups if it was really bad.
You don’t know if this is true and you’re only adding to the rumors. It could be true but we’ll all have to wait it out.
About two years ago, I went to the dealer for what I thought was going to be a free oil change. It was a pain because the only “change while you wait” options they had were during the work week. It’s out on the edge of town with no shuttle service, so I’d end up getting an expensive Uber for drop-off service. They didn’t honor the free oil change, had a crappy “lounge” (some folding chairs near a water cooler), and took way longer than quoted. I already didn’t like this dealership, but they had the vehicle I was looking in mid-2021 for a reasonable price. That sealed the deal. I’m never giving them business again.
About two years ago, I went to the dealer for what I thought was going to be a free oil change. It was a pain because the only “change while you wait” options they had were during the work week. It’s out on the edge of town with no shuttle service, so I’d end up getting an expensive Uber for drop-off service. They didn’t honor the free oil change, had a crappy “lounge” (some folding chairs near a water cooler), and took way longer than quoted. I already didn’t like this dealership, but they had the vehicle I was looking in mid-2021 for a reasonable price. That sealed the deal. I’m never giving them business again.
Ooh ooh I know this one! It’s Hope Sandoval aka Mazzy Star. I love her work with Massive Attack.
Ooh ooh I know this one! It’s Hope Sandoval aka Mazzy Star. I love her work with Massive Attack.
Dealerships. Fuck em’ I went to one about 2 months ago, found a good deal on a 2012 prius, low miles, ran great, couple little minor dings to bumpers. They wanted 7,000$ for it. I could easily buy car out right, but wanted to finance it to help my credit a bit more. They said they couldn’t finance it but could get me in a Trax. Told them I really didn’t want to buy a car, but this deal for the Prius was good and would pull the trigger on this. Told them I had no interest in any other car and said goodbye. He asks me to wait and sales manger comes over to try and sweet talk me. I said no, and I want to leave. As I open the door to my car, of course the salesman comes running out saying they can finance it. Tells me he will call me the next day, it needed to go through inspection. Calls me 2 days later and said it failed inspection and needs to go to auction. 3 weeks later, it is still on the lot. So ya know what? Good on them for getting hacked.
Dealerships. Fuck em’ I went to one about 2 months ago, found a good deal on a 2012 prius, low miles, ran great, couple little minor dings to bumpers. They wanted 7,000$ for it. I could easily buy car out right, but wanted to finance it to help my credit a bit more. They said they couldn’t finance it but could get me in a Trax. Told them I really didn’t want to buy a car, but this deal for the Prius was good and would pull the trigger on this. Told them I had no interest in any other car and said goodbye. He asks me to wait and sales manger comes over to try and sweet talk me. I said no, and I want to leave. As I open the door to my car, of course the salesman comes running out saying they can finance it. Tells me he will call me the next day, it needed to go through inspection. Calls me 2 days later and said it failed inspection and needs to go to auction. 3 weeks later, it is still on the lot. So ya know what? Good on them for getting hacked.