Auto dealers who haven’t shored up digital defenses since last summer’s hacking of CDK Global’s systems should do so because cyberattackers have been on the prowl ever since, according to a newly released report.
Data gathered by Proton Dealership IT and Security, a Reynolds and Reynolds affiliate, show that such attacks on dealerships have leaped almost 250% since before the CDK incident.
Though the sinister activity subsided after the summertime attacks that hobbled thousands of dealerships, it spiked again in a few months and was up over the holidays by about 110% year-over-year, Proton found.
Then another jump came this past March when cyberattackers zeroed in on images and videos of vehicles on dealership websites, inserting malicious code into the image files that led consumers to unwittingly download and initiate malware, according to Proton.
“Once a user followed the instructions triggered by accessing the images and videos, the malware would access their computer, scraping their web browser history, stealing passwords and controlling the computer remotely,” Proton said in its report.
“Ultimately, the attackers could use the remote access and stolen passwords to log into web-based systems and potentially compromise payroll, banking and OEM systems.”
To prevent such disasters, auto dealers can tap technological tools, including round-the-clock monitoring, to protect themselves and avoid ransomware incidents, according to Proton, which said it intervened in the March attack to mitigate its effects, including working with website providers to remove contaminated content.
Last year’s CDK incident both served as a wake-up call for dealers and revealed industry vulnerabilities to hackers, who’ve since exploited the weaknesses, Proton pointed out.
It advises dealers to introduce at least the following measures to protect their operations:
Train employees on defending against social engineering and phishing scams.
Install email filtering and multifactor authentication for cloud systems and remote access.
Employ managed detection and response programs.
Access round-the-clock security systems monitoring.
Establish a cyberattack response and recovery plan.
