Nizich Comments on Auto Dealers’ Management Platform Hack
Communications of the ACM published an in-depth piece about the recent hack of a Dealer Management System (DMS), which impacted more than 15,000 U.S. dealerships. Michael Nizich, Ph.D., director of the ETIC and adjunct associate professor of computer science, provided insight and commentary on the cybercrime group BlackSuit’s ransomware attack on CDK Global (CDK), one of the largest DMS providers in North America.
According to Nizich, the BlackSuit group was probably inside the CDK systems for a month before the attack, preparing to launch it. “Current public details point to a spear-phishing attack on an employee followed by an escalation of privileges that allowed the attacker to move laterally across the network.” He further noted that based on public information, BlackSuit breached and exfiltrated data belonging to auto dealers, employees, and consumers.