The ongoing cyberattack at CDK Global has paralyzed car dealerships for days


New York
CNN

Cyberattacks seem to be more devastating than ever and the companies affected are taking even longer to deal with them.

The latest high-profile attack continues that trend: An ongoing cyber incident at CDK Global, whose software is used by dealerships to manage everything from scheduling to documentation, has been shutting down dealerships for days now, with no end in sight.

In May, a cyberattack on Ascension, a St. Louis-based nonprofit network of 140 hospitals in 19 states, forced the system to divert ambulances from several of its hospitals. It took nearly a month to fully resolve the problem.

And in February, a ransomware attack on Change Healthcare, a subsidiary of healthcare giant UnitedHealth Group, caused billing disruptions at pharmacies across the U.S. and threatened to bankrupt some healthcare providers.

Experts say hackers are becoming more sophisticated and can hide undetected in a company’s systems for longer. These hackers are targeting companies with a supply chain-style attack, shutting down entire industries to steal more money. And certain industries that often use outdated systems, like healthcare, are becoming even easier targets.

“We can’t even compare what happened 10 years ago and what’s happening today,” Dror Liwer, co-founder of cybersecurity firm Coro, told CNN. “(Hackers) are in the game to make much bigger profits than before.”

Hackers are not only more sophisticated, but also more patient, said Liwer.

Hackers hide in an organization’s framework for a time and then move laterally through that framework, compromising numerous parts of the system. They wait until the time is right to attack. And the longer the hackers wait, the greater the damage.

“When (hackers) launch and execute the attack, it’s really damaging to the organization, which then gives them more revenue,” Liwer said.

Experts CNN spoke to said it’s difficult to immediately get specific details about individual cyberattacks. For one thing, companies want to protect their brand reputation from potential litigation. Also, organizations may not want to reveal specific details of the attack before an investigation is complete, the experts said, in case there are copycats.

Eric Noonan, CEO of cybersecurity provider CyberSheath, said ransomware attacks typically occur through channels such as phishing emails. These attacks can go undetected for days or even weeks as the hacker moves laterally.

The actual deployment of ransomware is often rapid and widespread, according to Noonan. Most victims do not realize they have been hacked until they lose access to important files or receive digital ransom demands.

“Ransomware is the digital equivalent of squatters occupying a home. The initial break-in goes unnoticed, allowing the squatters to occupy and control the property. By the time homeowners become aware of the problem, the process of regaining control and ownership is disruptive and expensive,” Noonan said.

Companies have historically used less interconnected systems. Migrating to the cloud and relying on third-party systems supports day-to-day business operations, but it also results in complex systems that are more vulnerable to large-scale hacker attacks.

“It also creates a kind of target and helps attackers focus their efforts on certain types of infrastructure or certain cloud platforms,” Noonan said.

And hackers are targeting organizations that operate in the supply chain of industries. For example, by attacking CDK’s software, hackers were able to paralyze the auto trade. Change and Ascension, large hospital chains, were unable to adequately supply their numerous branches. This gives hackers the opportunity to demand ever larger sums of money, says John Dwyer, head of security research at Binary Defense, a cybersecurity solutions company.

Although hackers have more leverage, paying a ransom and then quickly recovering data is unlikely, experts say.

“There has never been a story written about a company that successfully paid a ransom and was then able to quickly restore its systems,” Noonan said.

Noonan said the problem is not necessarily that hackers are becoming more sophisticated, but that many organizations lack modern, up-to-date systems. Most organizations don’t conduct incident response drills, which is why it takes longer to recover from these massive hacks.

“Much of our critical infrastructure is far behind in preparing to detect cyber threats when they occur and, more importantly, recover from them,” Noonan said.

Photo: The UnitedHealth website on a smartphone, set up in New York, USA, on Friday, July 7, 2023. (Gabby Jones/Bloomberg/Getty Images)

According to an FBI report, ransomware attackers most heavily target the healthcare and public health sectors, followed by critical manufacturing and government facilities.

As systems become increasingly interconnected, a company’s ability to maintain its cybersecurity is limited—especially when it relies on third-party systems, as car dealerships do with CDK.

“Car dealerships are not in the cybersecurity space, so they don’t really have the ability to protect a system like that. That’s up to the seller,” said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance.

Steinhauer also said it was a constant game of cat and mouse.

“Every time we fix something, the hacker can still break it. And they only have to be right once, we have to be right every time,” Steinhauer said.

The number of attacks on hospitals has increased. A nurse who works at Ascension Providence Rochester Hospital near Detroit, Michigan, previously told CNN that the ransomware attack on the networks is “putting patients’ lives at risk” because health workers have to rely on paper documents despite the large number of patients they have to care for.

Healthcare has been targeted because of outdated technology in the field, Steven McKeon, founder and CEO of software companies MacguyverTech and MacNerd, said in a press release. That technology helps patients reorder prescriptions, view test results and schedule appointments, but it’s also more vulnerable to hacking.

CNN has contacted Ascension and Change for comment.

According to Dwyer, companies can better leverage third-party expertise because many internal security teams are quite small. The best examples pair an internal team that is knowledgeable about the company’s internal systems with external cybersecurity vendors hired to augment that team.

Organizations can also implement systems that monitor security across their entire enterprise, Liwer said.

Others say mandatory minimum cybersecurity standards should be introduced for listed companies. These minimum standards should be viewed like seatbelts and airbags, says Noonan – they won’t prevent accidents, but they will make companies better prepared.

“There are a lot of software companies or manufacturers of critical parts or parts of the supply chain that Americans have never heard of – these companies, the applications and the software or parts that they make until they’re no longer available. There are a lot of other CDKs out there,” Noonan said.

CNN’s Sean Lyngaas contributed to this report.