Q2 Cyber Threat Report: Ransomware Season Arrives Early
In this report, our threat intel team highlights our critical cyber threat and ransomware findings from Q2 2024 and what it means for the threat landscape.
Corvus will NEVER call you to ask for access to your systems. If you receive any calls purporting to be from Corvus and asking for access to your system, they are social engineering calls.
If you receive such a call, please contact us at services@corvusinsurance.com
On Saturday, June 22, 2024, the CDK Global incident hotline referred to the incident as a cyber ransom event following reports by Bloomberg of the same. This cyber ransom event has been attributed to BlackSuit ransomware. At this time, CDK Global reports that is has begun the restoration process. CDK Global anticipates the restoration will take several days, not weeks, for the major application to resume functionality.
On or about June 18, 2024, CDK Global suffered a cyber security incident that led them to disconnect their systems and infrastructure, resulting in a lack of service to their customers. While no details are known about the incident at this time, CDK Global has reportedly contacted their customers and advised that the “Always-on VPN'' be disabled, as it has administrative permissions for the purpose of updates.
CDK Global’s hotline has also reported instances of threat actors contacting dealerships while purporting to be CDK Global employees. Threat actors are conducting social engineering, attempting to gain direct access to dealership systems and records. CDK Global stated that they will not be contacting any customers to obtain any alternative access or credentials.
We encourage your organization to take the following steps to mitigate against potential attack:
Please inform your employees that the risk of company phishing and social engineering is incredibly high at this moment.
Verify directly with CDK Global through your own initiated and trusted contact details if any needs arise.
The Corvus Risk Advisory Team will continue to communicate with policyholders regarding questions or concerns.
“We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th,” reads a message to CDK customers posted Thursday on X.
“Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems,” the message posted Thursday reads.
According to the message posted Thursday on X, CDK has been “assessing the overall impact and consulting with external 3rd party experts.”
“At this time, we do not have an estimated time frame for resolution and therefore our dealers' systems will not be available at a minimum on Thursday, June 20th,” the message reads.
“We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible,” the CDK spokesperson said in a statement shared with TechCrunch.
CDK Global set up toll-free lines at +1 (855) 356-3270 (English) and +1 (877) 483-7817 (French) for updates.