D-FW auto dealers shift gears after ransomware attacks disrupt operations

Car dealerships across Dallas-Fort Worth and the United States are handling business the old-fashioned way after a major cyberattack compromised a widely used dealership software.

CDK Global, the company responsible for the sales and management software at nearly 15,000 U.S. car dealerships, has been compromised since Wednesday following two cyberattacks. The hack has forced many dealerships to improvise by handling sales, payroll, scheduling and other tasks by hand.

“Other than just slowing them down just a hair, it hasn’t had an effect on the amount of business that they’re doing,” said D-FW based Jerry Reynolds, who hosts the long-running CarPro radio show and has spoken with multiple D-FW dealerships, said. “Because the public, by and large, doesn’t really know about this.”

It helps that dealerships were around long before software manufactured by companies like CDK existed, Brent Franks, the president of North Texas Automobile Dealers, wrote to The Dallas Morning News.

“New car and truck dealers are able to adapt their processes to meet the needs of their consumer with or without the support of technology like that provided by outside vendors,” Franks wrote in an email.

Putting on the brakes

Even as dealerships find “creative workarounds,” the hack can have crippling effects, said Tom McCollum, the chairman of the National Audi Dealer Council and CEO of Dallas-based Forbes Todd Automotive Group.

“I think the entire automotive industry in particular, is learning a very valuable lesson right now that they have to be able to do business if this happens to another service provider,” McCollum said. “We’re all thinking about what those alternatives might look like to keep us in business if there’s another cyberattack.”

The group that hacked CDK demanded the company pay a ransom in the tens of millions of dollars, Bloomberg reported, and it could take days for systems to be restored.

Cyberattacks and ransomware are a growing concern for organizations that use software and third-party tech vendors. Earlier this year, a cyberattack targeted Change Healthcare, which sent thousands of providers scrambling. A ransomware attack affected the city of Dallas last year, and in March, nearly 2,100 people at UT Southwestern Medical Center were affected by a data security breach.

The CDK attack may impact the auto industry long after the initial disruptions. Since last week, several major auto dealers in the U.S. have reported declining shares. Sonic Automotive Inc., Penske Automotive Group Inc., Group 1 Automotive Inc., AutoNation Inc. and Lithia Motors Inc. were all affected.

Francesca Lockhart helps lead a cybersecurity clinic at the University of Texas at Austin and said her own family was affected by the attacks when her husband’s car maintenance appointment was canceled.

“At the end of the day, cyberattacks are going to happen,” Lockhart said. “You can’t stop or prevent everything. You can just take steps to ensure that you are using the vendor that has the most… effective cybersecurity practices and put security first.”

But Lockhart also said she doesn’t think this means dealerships will jump ship from big providers like CDK Global. The company is valued at $8 billion following a 2022 merger with a private equity firm based in Toronto, and is responsible for transacting 2.6% of the U.S. GDP, according to CDK Global’s website.

How cyberattacks happen

Lockhart said these kinds of software supply chain attacks, where software providers are targeted for customer information or sensitive data, are becoming more common. Either attackers inject some kind of code or virus into software updates that affect customers or the provider is taken offline completely. These attacks can then affect entire industries.

Royce Markose is a Frisco-based senior cybersecurity consultant and chief information security officer at Vistrada, a business consulting firm. He said hackers may target third-party vendors as the “weakest link” to then wreak havoc across organizations and industries at large.

“It’s an easy entry point where they can get a foothold and then move laterally, downstream to those larger entities and cause more widespread attacks,” Markose said.

Car dealerships are especially vulnerable due to their deep customer databases and relative lack of “cyber-savvy,” said Ram Dantu, director of the Center for Information and Cyber Security (CICS) at the University of North Texas.

Dantu said CDK Global’s main issue was not “segmenting” its servers enough to stop hackers from infiltrating the entire network after a successful phishing attempt — a likely cause of the breach, he said — on one device.

“We are also as weak as our least knowledgeable person,” said Cihan Tunc, an assistant professor at CICS UNT. “If one person got a phishing attack, got compromised, it can also create a cumulative effect.”

Resilience and preparedness

While the attacks are becoming more common, Lockhart doesn’t see huge potential for prevention within industries. When a third-party provider like CDK Global is attacked, there’s not much to do to prevent the domino effect that ends up hurting customers.

“What companies could do to build resilience in this space,” Lockart said. “I don’t know about prevention, but building resilience [means] vetting your third-party vendors especially if they are highly concentrated in the market.”

Markose recommends several other steps to protect from cyberattacks. First, organizations should create and test an incident response plan to make sure they are prepared for when a cyberattack does happen. He also recommends cybersecurity awareness training for employees to identify potential scams and threats.

Frequent software updates, strong passwords, multi-factor authentication, firewalls, intrusion detection systems, antivirus software and regular data backups are also best practices.

“It doesn’t matter who you are, how big, how small, anyone can fall victim to those attacks,” Markose said. “The key is to be prepared.”