Cyber Threats Continue Apace
Hackers, seeing auto retail vulnerabilities in 2024 CDK incident, are taking advantage, data show.
Compared to before last summer's attack on CDK Global systems, cyberattacks on auto dealerships are up nearly 250%, according to the report.
Pexels/Pixabay
Auto dealers who haven’t shored up digital defenses since last summer’s hacking of CDK Global’s systems should do so because cyberattackers have been on the prowl ever since, according to a newly released report.
Data gathered by Proton Dealership IT and Security, a Reynolds and Reynolds affiliate, show that such attacks on dealerships have leaped almost 250% since before the CDK incident.
Though the sinister activity subsided after the summertime attacks that hobbled thousands of dealerships, it spiked again in a few months and was up over the holidays by about 110% year-over-year, Proton found.
Then another jump came this past March when cyberattackers zeroed in on images and videos of vehicles on dealership websites, inserting malicious code into the image files that led consumers to unwittingly download and initiate malware, according to Proton.
“Once a user followed the instructions triggered by accessing the images and videos, the malware would access their computer, scraping their web browser history, stealing passwords and controlling the computer remotely,” Proton said in its report.
“Ultimately, the attackers could use the remote access and stolen passwords to log into web-based systems and potentially compromise payroll, banking and OEM systems.”
To prevent such disasters, auto dealers can tap technological tools, including round-the-clock monitoring, to protect themselves and avoid ransomware incidents, according to Proton, which said it intervened in the March attack to mitigate its effects, including working with website providers to remove contaminated content.
Last year’s CDK incident both served as a wake-up call for dealers and revealed industry vulnerabilities to hackers, who’ve since exploited the weaknesses, Proton pointed out.
It advises dealers to introduce at least the following measures to protect their operations:
Train employees on defending against social engineering and phishing scams.
Install email filtering and multifactor authentication for cloud systems and remote access.
Employ managed detection and response programs.
Access round-the-clock security systems monitoring.
Establish a cyberattack response and recovery plan.
Originally posted on Auto Dealer Today
More Compliance
What to Expect in 2026 - New Rules and Regulations on the Horizon
In Trump’s first year, just 60,917 pages were printed in the Federal Register, the official journal of the federal government, down 42%.
Read More →
Fines of the Times
Civil penalties for noncompliance with federal auto retail and finance rules and regulations can add up quickly. Use this checklist to cover your bases.
Read More →
Your Synthetic ID Theft Policy
Frankenstein’s monster is coming for your dealership. Use this guide to recognize synthetic ID thieves and maintain Red Flags Rule compliance.
Read More →
The Regulatory Empire Is Striking Back
President Trump - entropist and corporate disruptor in consumer law
Read More →
How to Clear a Red Flag
Refine and enforce your dealership’s FTC-mandated ID theft-prevention program to ensure no transaction goes awry.
Read More →
Mosaic Adds Continuous Monitoring With AuditF&I
New AuditF&I platform is designed to give dealerships a smarter way to stay compliant.
Read More →
So You Want a Compliance Audit
Be careful what you ask for … or what you get! Here are three critical components to review with your next compliance partner.
Read More →