Has ELeads been hit with a cyber attack?

[Rick Buffkin]

I'm seeing things across social media that ELeads has been hit with a cyber attack. Can anyone in here confirm this?? The site is currently down.

 

[kellis]

CDK has been down all morning and I'm reading that it's a cyber attack... yikes.

 

[Alex Snyder]

Car Dealership Guy on LinkedIn: Another big cyber incident in Automotive this morning: This time it's…

Another big cyber incident in Automotive this morning: This time it's CDK, the automotive software company. As a precaution to its customers, the company…

www.linkedin.com

 

[Ryan Everson]

 

[Ryan Everson]

It's a good sign that they were the ones that proactively shut the systems down, rather than being locked out by hackers.

That means they're preventing further damage and currently conducting a forensic analysis to understand the extent of the intrusion. It's likely they will pull systems out of quarantine gradually in phases.

These hacks are often deliberately carried out overnight when fewer staff are present. This gives them more control over the systems and increases their chances of success due to reduced monitoring and response capabilities.

It took MGM 10 days to get back up and running last year - cost them $100 million. So it could also be very bad.

Let's hope CDK is able to resolve this swiftly because it will have a massive impact on dealership's nationwide that rely on CDK DMS / E-Lead CRM.

Also the irony:

 

[Ryan Everson]

DMS is back live

 

[Tom Kasner]

DMS is back live

Unfortunately our users are all getting an IAM error when trying to log in.

 

[Ryan Everson]

By the way, they're hiring for a "Lead Cyber Security Incident Commander" if anyone is in the market:

https://careers.cdkglobal.com/job/20354628/lead-cyber-security-incident-commander-remote/

 

[Fullsend]

CDK is one of the biggest jokes I have ever seen. So many security flaws.
Running frame work from the early 2000s

 

[Carsten]

Something is off here.

They shut down?
OR
Was it that they got turned off?

Most attacks are like flooding a service with too many calls. You cause the server software to stress the hardware so hard that it can't think anymore.

Why aren't they on CloudFlare or CloudFront? These services would help mitigate a mass bot calling.
They would still be up and running.

Is it an old framework issue? Most likely not. All of the places where you can type in information has most likely (hopefully) has been hardened at the UI level and at the back end code level. This means you can't run database commands to dump data or enter some weird characters that will cause issues in your software and then get information directly or a hint to what you can attack next.

IAM Authentication is normally associated with Amazon AWS services.

If this was a developer issue, code can be rolled back if the team is paying attention.
eleadcrm .com doesn't load for me so the domain is turned off. It's like taking your phone number out of telecom system rather than being sent to voicemail.

Or was this a social engineered AWS access issue which would mean, shut the damn thing down now issue.