Ransomware attacks are becoming increasingly prevalent among HD truck parts and service companies. In early 2023, AutoPower’s expert support team intervened and resolved ransomware attacks on two long-time customers within days of each other. Fortunately, both organizations were back in operation within hours, with no data loss.
However, these incidents are minor compared to the recent attack on CDK Global, a major provider of business systems for automobile dealerships. As reported by CNN Business on June 25th:
“Car buyers and dealers are grappling with the shutdown of the retail software provider (CDK Global), which has left nearly 15,000 car dealerships across North America struggling to provide services to customers and scrambling to find temporary analog solutions to operate.”
This was later followed by a report from the news website The Register:
“…CDK restored services to car dealerships across the US after a two-week outage caused by a “cyber incident” that looked a lot like a ransomware infection. The shutdown of CDK’s software platform caused chaos for up to 15,000 car dealerships, including the Asbury, AutoNation, Group 1, Lithia, and Sonic chains, stopping sales going through and registrations being filed in some states.
CDK hasn’t yet disclosed how exactly it was able to get its business back online, but CNN cites sources who claim the software firm had to pay a ransom of $25 million to the ransomware’s operators.”
It was estimated that the combined losses of the 15,000 dealerships exceeded $600 million.
Unlike CDK Global, your HD truck parts and service business may not be large enough to afford a $25 million ransom. Therefore, it’s crucial to have defenses in place to prevent losses from ransomware and other cyber attacks. Ray Quirindongo, AutoPower’s Senior Computer Systems Engineer, offers a list of recommended security measures often implemented for companies using the AutoPower system. These best practices, part of AutoPower’s managed infrastructure services, include:
- Install a hardware firewall within your business.
- Ensure firewalls have deep-packet inspection with a Gateway Anti-malware/Intrusion Prevention license.
- Support Advanced Threat Protection, which stops attacks by detecting their behavior rather than relying on dictionary files.
- Enable Content Filtering to prevent employees from accessing troublesome sites.
- Install client-side AntiVirus software, even if the firewall has it.
- Enable GeoFencing to block countries you don’t do business with.
- Enable SNMP on your firewall to monitor CPU, RAM usage, and connections, and alert when suspicious thresholds are reached.
- Enable logging so you can identify the cause of SNMP alerts, catch attacks as they happen, and interrupt them.
- Enable email headers to notify employees when an email is from outside your organization.
- Institute employee training on cybersecurity best practices.
- Have local and offsite backups, ensuring offsite backups can’t be changed or deleted.
- Place credit card terminals on their own subnet.
- Place mobile devices on a subnet that doesn’t have LAN access.
- Allow open outside ports only from a static IP or secure VPN tunnel.
- Enable 2FA for VPN connections.
- Push security updates to all PCs.
- Schedule firmware updates on all sensitive hardware.
- Identify assets searchable on your network.
- Prevent certain email attachments from being delivered.
- Implement email gateway security and sandboxing.
If your organization lacks dedicated cybersecurity personnel, this list may seem intimidating. If you’re an AutoPower customer utilizing our security and hosting services, we have you covered. If not, we strongly recommend turning to a trusted IT services provider with deep security capabilities and experience to manage this for you.