Cyberattack Disrupts Thousands of Car Dealerships

 https://www.kbb.com/car-news/cyberattack-disrupts-thousands-of-car-dealerships/

Thank you for visiting my blog again! In my blog, every week I talk about important events relating to cybersecurity.

I want to talk about one such event. However, hopefully your summer solstice went great, because for car dealerships it was one of the worst days for them this year. If you did not know, for the past 3 days thousands of car dealerships nationwide have remained disrupted because of a cyberattack that shut down software systems used by dealers to manage sales and service.

However, not all dealerships have closed down; some have gone back to old technologies like spreadsheets and sticky notes. This is also not a one-time attack: someone or some people are trying to keep dealerships from functioning. For example, CDK was able to restore some services late Wednesday; however, it has been reported that another attack has taken them offline again.

A similar attack also happened eight days prior against Findlay Automotive Group, which is a dealership network in Nevada. The FBI is investigating that attack; however, we do know that it was a ransomware attack, meaning that hackers encrypt all the devices on the network, leaving behind ransom notes with instructions on contacting the hackers.

Hopefully all of the dealerships start working at full functionality again. 

What are my thoughts on how this attack could have been prevented? I believe that hackers being able to get into all of these security systems within a short amount of time means that the software that dealerships used was not well protected.

Here are several strategies that businesses, including car dealerships, can implement:

  1. Regular Software Updates and Patch Management - Ensure that all operating systems, software applications, and firmware are regularly updated with the latest security patches. Vulnerabilities in outdated software are often exploited by attackers.
  2. Strong Endpoint Protection - Deploy and maintain robust antivirus/antimalware solutions on all endpoints (computers, laptops, mobile devices) to detect and block malicious software before it can cause harm.
  3. Email and Web Security - Implement email filtering and web security solutions to block phishing emails, malicious attachments, and access to malicious websites. User education on recognizing phishing attempts is also crucial.
  4. Access Control and Least Privilege - Limit user access to systems and data based on the principle of least privilege. Employees should only have access to the resources necessary for their roles.
  5. Data Backup and Recovery - Regularly back up critical data and ensure backups are stored securely and offline. This allows businesses to restore data in case of a ransomware attack without paying the ransom.
  6. Network Segmentation - Segment networks to isolate critical systems and data from less secure areas. This can help contain the spread of malware and limit the impact of a potential breach.
  7. Employee Training and Awareness - Train employees on cybersecurity best practices, including how to recognize phishing attempts, the importance of strong passwords, and how to report suspicious activities promptly.
  8. Incident Response Plan - Develop and maintain an incident response plan that outlines steps to take in the event of a cybersecurity incident. This should include procedures for containment, investigation, recovery, and communication.
  9. Regular Security Assessments and Audits - Conduct regular cybersecurity assessments and audits to identify vulnerabilities and weaknesses in systems and processes. Address any issues promptly to improve overall security posture.

A disaster recovery and business continuity plan should be in place. Critical data should be secured with strong encryption, and regular backup into another system is key protection against such a ransomware attack.

Thanks for reading my blog, 

Have a great rest of your week
