
tabinla

It's a done deal. They've been decrypting since late Friday / early Saturday. Just like Change Healthcare, there's no guarantee Blacksuit was the only TA with access. Knowing CDK, it would not surprise me if they weren't right back in this situation 30-60 days from now.


roll_for_initiative_

> it would not surprise me if they weren't right back in this situation 30-60 days from now.

Man, I hope they wait that long, get everyone complacent before launching again. I hope other DMS's take note and start taking security seriously, and I hope the FTC starts fining people all the way down because TOO many dealerships STILL don't have IT in any real form.


Darkace911

This one is not the dealership's fault, it's absolutely on CDK. They have been selling snake oil to dealers for forever.


roll_for_initiative_

Yes BUT:

* That's not how the law is written, dealers still have liability and costs here.
* Vendors won't fall in line with no pressure from the market. Dealers can't sue if there's no damages. FTC fines means dealers can turn around and sue for those costs.
* Anger from dealers getting fined should make all the DMS's start listening and fixing things vs "an IP restriction counts as MFA" and "no you have to use our duo, can't use your own instance" crap they pull now.
* Dealers experiencing any pain will make the rest of the dealers who feel the safeguards laws are unnecessary wake up. These are perfect/ideal customers for MSPs both in size and their needs.


jaskij

If the attack is global, I bet the Dutch (that's where CDK has their EU HQ) DPA is already looking into it. Depending on how the contracts with dealerships were written, and what the attackers had access to, I find it highly likely that they'll get fined. But it takes a long time.


dcarson9885

CDK has divested from all business outside of North America. That occurred several years ago.


CandidAcanthaceae633

The dealers have responsibility for the controls for systems running / integrated to their systems. Ken Tobin, CPA CISA, 20 years in IT Audit @ global fortune 500 companies.


roll_for_initiative_

I agree but whether FTC enforcement actually does anything here is the question.


Key-Basil-5874

Not to mention, CDK pushes hard to be full IT services for dealerships, not just the DMS.


tabinla

Yes. It's almost funny. [https://www.cdkglobal.com/cdk-managed-it-services](https://www.cdkglobal.com/cdk-managed-it-services)


C9CG

I was thinking the same thing. Scary. And, there really is an unwritten rule... don't kick them when they are down, especially with CyberSecurity... but.. yeah... marketing meets reality. I'm tired of the "snake oil" in our industry... it's getting better as decision makers are waking up.


Vyper28

I dunno I have 3 other DMS we do local support for the dealerships and they aren’t a lot better… one of them is all RDP but they won’t upgrade any clients from server 2008 because the RDP licensing “changed the way it works and they need 2008 to make it work”…


Apexnanoman

Bet the ransom is cheaper *right then* vs IT over the course of year. And this quarter or *maybe* the next is as far as anybody in the financial side of business looks anymore. 


roll_for_initiative_

There are rumors that the ransom is 300mil, so I mean that buys a lot of security instead. If you mean for dealers, it's easy enough to get them in line and trained for under the price of a single full time IT person so I don't see why they kick and scream so much. Never mind that most are a mess and the staff welcomes an official IT service for help with the usual SMB tech issues that were being ignored or took weeks to get fixed with no one doing IT officially.


Apexnanoman

The staff of the dealer might welcome IT. But to management it's something that will cut into quarterly profit margins. And that might cause bonus targets to be missed. As for CDK.....300 million....just this one time! They might have spent 100 million over the last ten years on IT and hardened data centers! So...the exploit is now known and patched so no reason to ever worry about it again. Still up $200 million! If we put in IT and hardened everything it would take at least two decades to make up the difference! Besides we'll just pass on the costs to our customers! Hell....let's raise fees enough to throw in an extra 20% because fuck the client!.....Because reddit I'm gonna throw on the /s just in case. Anyway....I wonder how long before they get hit again since they have proven they will fold easy and are a soft target.


skinnyjeans62

Since you seem to have inside info, how long does it take to decrypt? Any estimate on when dealership operations might be back up?


Key-Basil-5874

The official message from CDK right now is "it will be days but not weeks".


Joe_Cyber

To be fair, weeks are comprised of days so they aren't lying...


skinnyjeans62

Lol! Well, that's what we've been hearing also. Possibly Wednesday. But nothing definite. I guess it would be difficult to say. Thank you for your reply.


PiperTube

I used to work for an MSP that mainly supported auto dealerships, most of whom used CDK. CDK (formerly ADP Drive) is pure trash and I wouldn't be surprised if they had no backup strategy at all. Everything they do, from their upcycled 1980s terminal-emulator system to their shitty / non-existent support, screams 'mismanaged company getting by on 20-year contracts signed by tech-illiterate fat-cats'. So glad I'm no longer MSPing it, especially at shitty auto dealers. It couldn't have happened to a better company than CDK. Hope they and their worthless product strangleholding the industry go under.


cashew76

You never wanted to be the last person to touch an Auto Dealership. Hot Potato. Trying to figure out which generation which gear was what.. layers of garbage in those closets.


orTodd

That’s exactly what we experienced supporting a dealership. We had to fix so, so many issues from the previous MSP. We finally got it up and running then they sold to a larger auto group who had in-house. We couldn’t get to it all in the year we were there but I hope those poor bastards finally got it sorted out. I do know everyone’s CDK password was…”password.”


TheOneTrueYoBerg

"Hey, they said we needed to have a password we could remember, and I don't want to type in 38 characters every 5 minutes when it times out." -Most dealerships, probably


PiperTube

They're amongst the worst clients to support. Hard to avoid when the MSP focused on that vertical, though! 😫 I've come to the conclusion that the sales and finance departments are solely staffed by folks with personality disorders (main-character syndrome, Napoleon complex, etc.). Tons of love to the technicians and parts departments, though. Those guys were always calm, cool, and professional; the only two departments in all of the many auto dealerships I've supported that were consistently staffed with cool and friendly people who didn't think they were special.


Minute_Research_6279

90% of it guys I've seen in my dealership lived with their mother and sucked cock


PiperTube

\^ Found the sales bro ...


ZrRock

Funny given the centralized hosting servers are in one of the best data centers in the country.


PiperTube

I bet they used that as a sales point to gloss over the fact that their internal processes are shit.


ZrRock

Funny seeing quad redundancy hooked up to old hp g6 proliants


Minute_Research_6279

What an uninformed, stupid thing to say. 


Nesher86

They're going to get hit again in less than a month.. prepare the popcorn 🍿🤦🏽‍♂️


IrateWeasel89

They obviously don't. Cybersecurity is the most important least important thing organizations think about. I'm banging my head against a wall at my current MSP saying we need proper tooling in place and we need the tiers organized so sales people can go sell so we can either 1) get things up to a proper cyber security standard and 2) cover our asses so when those businesses do get compromised we can say "hey, we told ya" and then I'll be stuck working after hours for a few days.


myrianthi

I've heard the ransom was 300 mil. Insane.


Ognius

Goodness gracious, a truly eye watering sum. If you thought CDK Global’s support, engineering, cybersecurity, etc. was bad before, wait until their entire corporate budget is wiped out for several years due to paying off Russian cyber-terrorists.


McBlah_

Don’t worry, the managers that decided to cheap out on the backup solution will get bonuses for their swift action in paying the ransom.


redditistooqueer

Why are they Russian? Did I miss something?


Wolfsquatch64

People just assume any cyber attack is Russian


tabinla

Blacksuit is the remnants of Royal, and before them Conti. So, yes, they are mainly Russian.


Affectionate_Fox5279

It was India and Tekion was behind the cyber attack


OldManBearPig

where did you hear that?


myrianthi

It was shared to me by someone currently unable to work due to the incident. It's not verified information, so please don't take my word for it. Others on reddit also appear to be speculating in this thread. https://www.reddit.com/r/cybersecurity/comments/1dl2kb2/anatomy_of_the_cdk_attack/l9mt710/


spool32

They tied it to the signature of the ransomware code, it was very similar to Royals version


PerformanceFluffy444

Just asking, I was at the tag office and they were talking about a 3.8 billion ransom. Later in the day went to the auto parts store in a different county and they were talking about a pay off in the billions as well. Could it reach that high with US and Canada?


riblueuser

Am I stupid? Do people just not have backups? Like, if they had any off-site, as long as it's not locally attached, accessible, basically agentless, wouldn't they be all good? MSP360, Cove, anyone half decent can be agentless or at least not allow local configuration, so they can't mess with it, forget immutability, even. Am I naive? Or are people stupid?


ancillarycheese

Not saying this is what happened with CDK but domain joined Veeam servers are waaaay too common.


sovereign666

yup seen this one personally in an attack.


tabinla

The leaked credentials associated with cdk.com, sales.cdk.com, retail.cdk.com, and support.cdk.com are enough to keep me up at night.


LeetNaz

Dude, I've been there, feels horrible, but that was on me, didn't realize how stupid that is (Veeam domain joined servers), the only thing that saved my bacon was I kept backups offsite.... I really feel for whoever is going through that....
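The two comments above describe the same anti-pattern: a backup server that trusts the domain the attacker has just taken over. The script below is an added example (not code from this thread or from any backup vendor) that audits a Windows backup host for that exposure: domain membership, backup services running under a domain identity, and domain principals sitting in the local Administrators group. The service name list is a placeholder to adjust for the backup product in use; everything else uses standard Windows PowerShell cmdlets.

```powershell
# Added example, not from the thread: audit a backup host for domain trust
# that a domain-level compromise could abuse. Run locally on the backup
# server with administrative rights.
function Test-BackupServerIsolation {
    param(
        # Placeholder service names; replace with your backup product's services.
        [string[]]$BackupServiceNames = @('VeeamBackupSvc')
    )

    $findings = @()
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Finding 1: the host itself is domain joined, so any domain admin
    # (or anyone who becomes one) can log on to the backup console.
    if ($cs.PartOfDomain) {
        $findings += "Host is joined to domain '$($cs.Domain)'; domain admins can reach the backup console."
    }

    # Finding 2: backup services running as a domain account, which means the
    # backup repository is reachable with domain credentials.
    $netbiosDomain = ($cs.Domain -split '\.')[0]
    foreach ($name in $BackupServiceNames) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if ($null -eq $svc) { continue }
        # Built-in accounts look like 'LocalSystem' or 'NT AUTHORITY\...';
        # a DOMAIN\user prefix marks a domain identity.
        if ($cs.PartOfDomain -and $svc.StartName -like "$netbiosDomain\*") {
            $findings += "Service '$name' runs as domain account '$($svc.StartName)'."
        }
    }

    # Finding 3: domain users or groups with local admin rights on the backup host.
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    foreach ($member in $admins) {
        if ($member.PrincipalSource -eq 'ActiveDirectory') {
            $findings += "Domain principal '$($member.Name)' is a local administrator."
        }
    }

    return $findings
}

# Usage: an empty result means no domain-trust findings on this host.
$result = Test-BackupServerIsolation
if ($result.Count -eq 0) { 'No domain-trust findings on this backup host.' } else { $result }
```

A clean result is a necessary, not sufficient, condition: it says nothing about whether an offsite or immutable copy exists, which is what actually saved the commenter above. Treat any finding as a reason to move the host into a separate management domain or a workgroup with its own local credentials.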


code0

I've seen threat actors hang around in an environment for potentially weeks before torching the environment. Even with good backups (which they WILL go after), anything after the point they got in could be compromised and easily let them re-assert access. That leaves the only choice really being to take older backups and try to restore the data only (ie. transactions) from the more recent ones.


Ognius

There was a report on Wednesday that the backups were compromised. But completely agreed that having a single point of failure anywhere in your DR run book is pretty gosh darn foolish.


Key-Basil-5874

CDK's support was never great, but it's gotten worse since they were acquired by Brookfield. I would certainly think a company with well over a billion dollars in annual revenue would have the resources to have a solid backup and disaster recovery strategy, but here we are...


DB718xx

And to think they could have had a superior DR strategy in place for what they are now spending to decrypt.


aaronitit

The first thing any modern cryptolocker does is gain access to your backups, DR systems and offsite/cloud backups to make sure you can't simply restore. Long gone are the old days where they simply started encrypting every file the exe could get its hands on; the game plan these days is to hide and plan, making sure to cover their bases to make sure recovery is impossible.


tabinla

They have a distributed cloud infrastructure, and it proliferated when one picked up the ransomware. The initial rollback attempts of one day and one week were both compromised. All the restoration did was encrypt more data. They may have core functionality by Wednesday but full integrations will be at least a week. I would also expect it to perform poorly due to the tsunami of transactions that will roll in.


Snowlandnts

They managed so many dealerships and work with other car manufacturers like Toyota, Honda, BMW, and others that it is a tall task to execute well on their scale DR plan. Most Dealerships are used to their UI, and most Dealerships are comfortable using them. Now these Dealerships are finding out


Intrepid_Law8220

People are retarded


Intrepid_Law8220

A lot of these “global” firms have the bare minimum security with 0 intent to do anything about it, complete negligence. Until personal liability is introduced it looks like it will stay this way


[deleted]

[deleted]


msp-ModTeam

This post was removed because it was deemed to be promotional or for the purpose of sales. Vendor participation is encouraged. Feedback and assistance can be invaluable. However, promotion of any products, including webinars, must be kept to the Weekly Promo thread.


simple1689

We are working* with a dealership affiliated with CDK. CDK hosts their AD and RDS infrastructure in their Cloud but I only briefly exchanged a few e-mails to provide a password reset script for Microsoft 365 and some other hardening suggestions. We only provide SentinelOne for their Workstations and no infections found yet but we'll be another step closer to bringing them under our umbrella.


Alarming-Study4352

CDK hmm, as bad as I hate to say this, I used to work for the company. Once the cyber attack took place it was "we will keep you updated" or "we will do this". Here we are day 7 and nothing. No updates for dealerships or ex employees on what is happening.


Mysterious_Stay4745

Attended a Gartner conference where one of the presentations touched on the difference between Caesars' and MGM's responses to their ransomware attack last fall. Caesars paid $15 Million; MGM did not pay. Caesars was down four days. MGM was down for 10 days, and it cost them $100 Million. Caesars could have paid and received nothing in return. There is no great answer if you are facing extinction because your systems are locked up, and you have no backups. FBI still says not to pay as it just perpetuates the problem, which is true. The good news is ransomware payments are generally down over all as companies who get hit have a recourse.


tabinla

One reason companies aren't paying ransoms is because the stigma of being ransomed is gone. At first, it was thought of as a failure of the company, but now it's seen as an inevitability. In some instances, companies may be better prepared, but I believe it has far more to do with public sentiment. In addition, years ago if your information was leaked, you may have been able to tie it back to a single company's cyber incident. Linking a PII leak to a unique causality would be impossible in this climate. Ransoms are like COVID-19. You don't need to lick the handrail in a subway car; you'll get it just because it's transmissible.


Assumeweknow

Need to have DMS onsite at dealer sites, not in a cloud datacenter. Cloud still not secure. Thousands of dealers just learned this.


rtwright68

100% this. I think this speaks very loudly about blindly trusting any cloud provider because of this kind of situation. They never properly invested in securing their environment and have put everyone's data at risk. I know speaking personally for the company I work for ($400 million manufacturer), I will die on the hill of us being our own cloud. Once I retire that may change, but we are in control and know what we have protected. Our ERP provider wants to move everyone to their cloud, and there is a snowball's chance in hell that I would ever trust them.


Assumeweknow

It's also cheaper, faster, etc. Though email has kind of gotten to the point that hybrid makes a bit of sense.


rtwright68

We do use cloud for certain things. Moved to O365 a long time ago (still glad we did in spite of Microsoft and their hot garbage). Very happy we don't have any on-premise Exchange Servers, lol, given all of the vulnerabilities.


Assumeweknow

I still have customers using them. If you have 200 plus users, with the right firewall and filtering setup, it's not that bad and saves a bit of money. But it really depends on your use structure. If you need Office/Teams etc. or not. A lot of users don't need that stuff. I typically filter all my emails through a few outside filters anyways with an ACL limiting access. So the idea of someone getting through a vulnerability is pretty low. Worst that's happened over the years is a user corrupting his own stuff via a link, but link filtering now along with DNS filtering has pretty much cut that to zero. Everything is typically air gapped on the backups. Restore times are pretty quick. Cloud is still about double the price no matter what you do, runs slower, and has less features.


Away-Quality-9093

At one point I was essentially called a "stupid old boomer dinosaur destined for extinction" for saying this. 1. Not even close to a boomer. 2. Look who's laughing now Mr. "on prem is garbage, cloud is the only way" man!!!


BearDenBob

Does anyone know how they likely gained control? Coming from someone like myself who doesn't work in cyber security, is it typically a matter of something as pedestrian as socially engineered administrative credential stealing?


TheButtholeSurferz

hunter2. It's always hunter2.


xander255

Weird, I only see *******.


MinuteOk5600

They posed as a 3rd party vendor to gain access to CDK. They went so far as to get certified and groom CDK for a while before they were accepted. Problem is no one knows what vendor they are. So they are LIKELY already infiltrating Reynolds, Cox Auto, etc. They most recently attacked a police department in Kansas, and after ransom was not paid, they leaked the department's sensitive info.


0solidsnake0

source?


Public_Airport3914

This


Frothyleet

Aside from 0-day attacks, compromise usually happens as a result of:

* Not patching known vulnerabilities
* Misconfiguring systems
* Social engineering, typically phishing to steal creds

Attackers don't necessarily even need to compromise admins or privileged accounts with social engineering. If they can get any foothold, even with a third party or vendor, they can start working their way laterally through the organization until they get what they need. There's no public information for the method of attack for CDK. It's just speculation until a public report is released (or there is a reliable leak).


memspmodaccount

TechCrunch mentioned that CDK will be addressing the issues now. It's definitely not the right situation to show how patient and lethargic a business is. They could have reacted earlier. And, CDK has promised to restore their IT systems within several days, and not just **HOURS**. It’s uncertain whether they’re running out of resources :(


Sportsfun4all

It’s now 1 week and probably at least another week. Just more bs coming from CDK.


maniac_me

Disgusting. The amount of money they make and the stranglehold they have on the industry, they should be held legally responsible for this lack of accountability. I hope they disappear after this.


PubGShotCaller

Yet another example of why crypto should be banned. The only use case for cryptocurrencies is criminal activity.


Bob_Groger

One take on the situation: [https://www.thebignewsletter.com/p/a-supreme-court-justice-is-why-you](https://www.thebignewsletter.com/p/a-supreme-court-justice-is-why-you)