The Breach CDK Global June 18 – June 19, 2024


Scene 1 (0s)

The Breach CDK Global June 18 – June 19, 2024. Amy Yip EdX Name: Aphreal / GitHub Name: Amy-6897 December 17, 2025.

Scene 2 (11s)

CDK Global, a leading provider of dealership management software and a subsidiary of Brookfield Business Partners, processes financial transactions for approximately 15,000 automotive dealerships across the United States and Canada. It was subjected to a significant ransomware attack accompanied by a reported ransom demand of $25 million. BlackSuit, a Russian-linked cybercriminal organization, infiltrated CDK Global on June 18, 2024 and again on June 19, 2024, during the recovery phase, which complicated and prolonged the outage. BlackSuit initially demanded approximately $10 million before escalating to $50 million. It is estimated that CDK Global paid $25 million in Bitcoin to BlackSuit through global cryptocurrency exchanges.

Scene 3 (1m 9s)

The initial breach is believed to have come from phishing attacks that exploited multiple vulnerabilities within CDK's systems. Once the hackers gained access through CDK's "always-on VPN", they were able to reach the internal network and obtain higher-level permissions through CDK's core Deal Management System (DMS).

Overlooked Best Practices: Lack of Awareness
Following the initial compromise on June 18, 2024, CDK Global commenced system recovery on June 19, 2024. The expedited remediation left residual vulnerabilities unmitigated, enabling the threat actors to conduct a secondary intrusion. CDK Global's infrastructure supports critical enterprise applications, including Customer Relationship Management (CRM), financial transaction processing, inventory management, and payroll systems, across approximately 15,000 dealership endpoints in the United States. Notification to affected dealerships was delayed, forcing reliance on manual workflows because communication from CDK Global's cybersecurity and IT operations teams was incomplete and ambiguous. The organization's incident response indicated inadequate assessment of breach severity, resulting in a reactive posture that amplified operational downtime, exposed additional vulnerabilities, and caused reputational and financial damage.

Scene 4 (2m 5s)

Cost Concerns
The prolonged system outage endured by CDK Global, which lasted approximately two weeks, severely disrupted business operations for an estimated 15,000 automotive dealerships across the United States and Canada. CDK Global potentially paid out $25 million to the attackers. The disruption had cascading effects on the broader automotive supply chain and on financial institutions dependent on timely and accurate transaction processing. The outage hindered credit approvals and contract finalizations, contributing to additional economic ripple effects beyond the dealerships themselves. Many dealerships resorted to manual, paper-based processes as interim solutions, which substantially slowed transaction throughput and reduced overall efficiency. As a result, the cumulative financial impact is estimated to have exceeded $1 billion in lost revenue over the affected period.

Complexity of IT Systems
CDK DRM software was 100% cloud based with no backup system.
The breach was an enterprise-scale cyberattack.
A software component still relied on TLS 1.0 for communication; it should have been removed years prior to the attack.

Prioritization of Sales and Consumer Experience
Without DMS, dealerships were unable to process vehicle sales, financing, paperwork, inventory tracking and customer records. Many dealerships had to revert to paper processes, which became labor intensive for them. Consumers faced cancelled appointments, delays in parts for repairs, and delays in buying and selling vehicles, leading to frustration.

Scene 5 (2m 59s)

Strategies to Implement Once Compromised
Isolate affected systems
Disable DRM licenses, keys and/or credentials
Activate the organization's incident response protocol
Restore systems from backups
Increase security measures
Inform customers, employees and relevant authorities of the breach
Work with legal teams on compliance issues
Notify customers in a timely manner of the incident
Conduct a thorough investigation
  Analyze how the breach occurred
  Identify technical and human failures
  Document lessons learned from the breach
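The "Restore systems from backups" step above only helps if the restored data can be shown to match what was backed up; the slide deck later also recommends testing backup restoration frequently. The following is an added example, not part of the original presentation or any CDK Global tooling: it builds a SHA-256 manifest of a backup tree, then compares a restored tree against that manifest and reports files that are missing, altered, or unexpectedly present. The file names and contents are constructed for the demonstration; the manifest is meant to be stored alongside the offline backup, separate from the production network.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def build_manifest(root):
    """Walk a backup tree and record the SHA-256 and size of every file,
    keyed by its path relative to the tree root (POSIX form)."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = {
                "sha256": digest,
                "size": path.stat().st_size,
            }
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree against the manifest taken at backup time.

    Returns a report with sorted lists of files that are missing from the
    restore, present but with a different hash (corrupted or tampered), and
    present in the restore but absent from the manifest (extra)."""
    restored = build_manifest(restored_root)
    missing = sorted(p for p in manifest if p not in restored)
    corrupted = sorted(
        p for p in manifest
        if p in restored and restored[p]["sha256"] != manifest[p]["sha256"]
    )
    extra = sorted(p for p in restored if p not in manifest)
    return {
        "missing": missing,
        "corrupted": corrupted,
        "extra": extra,
        "ok": not (missing or corrupted),
    }


def demo():
    """Constructed scenario: back up a small tree, restore it cleanly, then
    damage the restore (one file altered, one deleted, one added) and verify
    that each defect is reported. Returns (clean_report, damaged_report)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        (src / "dms").mkdir(parents=True)
        (src / "dms" / "deals.db").write_bytes(b"deal records (constructed sample)")
        (src / "dms" / "inventory.csv").write_text("vin,model\nSAMPLEVIN0000001,sedan\n")
        (src / "config.ini").write_text("[app]\nmode=prod\n")

        manifest = build_manifest(src)  # would be stored with the offline backup

        restored = Path(tmp) / "restored"
        shutil.copytree(src, restored)
        clean = verify_restore(manifest, restored)

        # Simulate a bad restore: silent corruption, a lost file, a stray file.
        (restored / "dms" / "deals.db").write_bytes(b"deal records (constructed sample) ALTERED")
        (restored / "config.ini").unlink()
        (restored / "dms" / "notes.txt").write_text("not part of the backup\n")
        damaged = verify_restore(manifest, restored)

        return clean, damaged


if __name__ == "__main__":
    clean_report, damaged_report = demo()
    print("clean restore ok:", clean_report["ok"])
    print("damaged restore:", damaged_report)
```

Running a restore into a scratch location and checking it this way, on a schedule, is what turns "we have backups" into a tested recovery capability; a restore that reports any missing or corrupted entries should block the backup from being counted as usable.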

Scene 6 (3m 20s)

Preventative Measures
Regular security audits
  Conduct vulnerability scans
  Perform penetration testing
Employee training
  Reinforce password and data-handling policies
  Run company-simulated attacks
MFA (multi-factor authentication)
  Apply least-privilege access
  Remove unnecessary or old accounts
Enhance backup and recovery plans
  Maintain secure, offline backups
  Test backup restoration frequently
  Separate backups from main networks
Implement firewall and antivirus software
  Encrypt sensitive data
  Segment networks to limit attacker movement
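The MFA, least-privilege and stale-account items above are the kind of checks that can be run automatically against an identity-provider export rather than reviewed by hand. The following is an added example written for this page, not code from the original presentation or from CDK Global: it audits a constructed list of accounts and flags enabled accounts that have not logged in for more than a threshold, accounts holding privileged or remote-access (VPN) roles without MFA, and accounts that combine an admin role with VPN access. The account records, role names and the "now" timestamp are all constructed for the demonstration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample export, shaped like a typical identity-provider user
# listing. None of these accounts are real.
SAMPLE_ACCOUNTS = [
    {"user": "jsmith", "roles": ["dealer_user"], "mfa": True,
     "last_login": "2024-06-10T14:03:00Z", "enabled": True},
    {"user": "svc-legacy-sync", "roles": ["domain_admin"], "mfa": False,
     "last_login": "2023-11-02T08:00:00Z", "enabled": True},
    {"user": "contractor-old", "roles": ["vpn_user"], "mfa": False,
     "last_login": "2024-01-15T09:30:00Z", "enabled": True},
    {"user": "admin-helpdesk", "roles": ["domain_admin", "vpn_user"], "mfa": True,
     "last_login": "2024-06-17T22:11:00Z", "enabled": True},
    {"user": "retired-user", "roles": ["dealer_user"], "mfa": False,
     "last_login": "2022-05-01T10:00:00Z", "enabled": False},
]

# Role names are assumptions for the example; map them to your own directory.
PRIVILEGED_ROLES = {"domain_admin", "dms_admin"}
REMOTE_ACCESS_ROLES = {"vpn_user"}


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_accounts(accounts, now, stale_days=90):
    """Return a list of findings, each a dict with user, code and detail.

    STALE             enabled account with no login inside stale_days
    NO_MFA            privileged or remote-access account without MFA
    PRIVILEGED_REMOTE admin role reachable over remote access (review scope)
    Disabled accounts are skipped; they should still be removed on a schedule."""
    cutoff = now - timedelta(days=stale_days)
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        roles = set(acct["roles"])
        privileged = roles & PRIVILEGED_ROLES
        remote = roles & REMOTE_ACCESS_ROLES
        last_login = parse_ts(acct["last_login"])

        if last_login < cutoff:
            idle = (now - last_login).days
            findings.append({"user": acct["user"], "code": "STALE",
                             "detail": f"no login for {idle} days; disable or remove"})
        if (privileged or remote) and not acct["mfa"]:
            findings.append({"user": acct["user"], "code": "NO_MFA",
                             "detail": f"roles {sorted(roles)} require MFA"})
        if privileged and remote:
            findings.append({"user": acct["user"], "code": "PRIVILEGED_REMOTE",
                             "detail": f"admin roles {sorted(privileged)} usable over remote access; "
                                       "confirm least privilege and a separate admin account"})
    return findings


def summarize(findings):
    """Count findings per code so the audit can be tracked over time."""
    counts = {}
    for f in findings:
        counts[f["code"]] = counts.get(f["code"], 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed reference time, chosen to sit on the day of the first intrusion.
    audit_time = parse_ts("2024-06-18T00:00:00Z")
    results = audit_accounts(SAMPLE_ACCOUNTS, audit_time)
    for finding in results:
        print(f'{finding["user"]:18} {finding["code"]:18} {finding["detail"]}')
    print(summarize(results))
```

The thresholds and role sets are policy decisions; the value of the script is that it turns "remove old accounts" and "apply least privilege" into a repeatable check whose output can be reviewed before each audit cycle.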

Scene 7 (3m 40s)

Conclusion: The CDK Global ransomware attack disrupted thousands of dealerships and affected consumers throughout the U.S. and Canada. This caused delays, frustration and huge financial losses. This attack highlights the importance of cybersecurity and shows why protecting digital systems is critical for businesses and consumers alike.