North American car dealerships are under cyber attacks, posing a severe cybersecurity situation for car companies

Recently, CDK Global, a software company for car dealerships in North America, was attacked by hackers, causing over 15000 car dealerships to be unable to conduct normal sales. The hacker involved in this cyber attack extorted tens of millions of dollars in ransom from CDK Global.

CDK Global is a company founded in 2014, headquartered in the United States, primarily providing end-to-end digital automotive trading solutions worldwide, providing a comprehensive operational platform for automotive industry customers, covering all aspects of automotive dealership operations. The company has over 15000 automotive dealerships in North America and thousands of employees across the United States, valued at over one billion dollars.

The company's website states that it provides a three-layer network security strategy to prevent, protect, and respond to network attacks. However, ironically, since last Wednesday, CDK Global software has experienced service interruption issues. In order to prevent the spread of attacks, they were forced to shut down most of the systems, resulting in dealers in North America and Canada being unable to use the Dealer Management System (DMS) for car sales, vehicle maintenance, and vehicle delivery.

According to the dealer manager, all functions of the dealer, including sales, service, and parts, require the operation of DMS, and even the storage of vehicle information cannot be separated from the DMS system. An employee at a car dealership in New York reported that due to a software service interruption, operations were almost completely paralyzed. Moreover, dealers are unable to access customer databases, resulting in the inability to contact potential buyers. Employees are forced to use paper and pen for work. This hacker attack has caused thousands of car dealerships to be unable to function properly, causing huge losses to car dealerships and is a catastrophic event.

It is reported that CDK company is collaborating with third-party experts to assess the impact and provide regular updates to customers, while remaining vigilant and striving to restore services to enable dealers to resume normal operations as soon as possible, which may take a few days. According to sources, CDK is considering preparing to pay a ransom.

This intrusion incident once again sounded the alarm for the data security of automotive companies. In 2021, Tesla Motors was attacked by cyber hackers who used Tesla's in car cameras to capture footage of the car and spread it widely on social media platforms. In 2022, NIO was also exposed to have illegal individuals selling NIO related data online and threatening to extort Bitcoin worth $2.25 million from NIO through data leakage. In 2021, Volvo's research and development data was also hacked. Volvo stated that a large amount of its data was stolen during the invasion. In 2017, Honda suffered a ransomware attack that affected the company's servers, email, and other functions. Global automotive giants such as Toyota and Volkswagen have also encountered similar problems.

Intelligent connected vehicles and related vehicle companies collect a large amount of data every day, involving key information such as the travel trajectory, habits, voice, and video of drivers and passengers. Once hacked, it can leak personal privacy, threaten property and life safety, and even endanger national security.

Therefore, the automotive industry should take necessary measures to address network security threats, continuously improve relevant regulations for data protection of automotive products, assume corresponding responsibilities for information data security collection and protection, continuously improve the security of server systems, and adopt higher-level network firewalls to avoid hacker intrusion. At the same time, it also calls on relevant departments to timely introduce relevant laws to protect the legitimate rights and interests of car companies and consumers.

In today's digital age, the rapid development of intelligent vehicles has brought convenience and efficiency to car companies and consumers. At the same time, the threat of network attacks is also accelerating, and the security situation is becoming increasingly severe. It is urgent to solve the network security problems in the automotive industry.