
Has ELeads been hit with a cyber attack?

It's a good sign that they were the ones that proactively shut the systems down, rather than being locked out by hackers.

That means they're preventing further damage and currently conducting a forensic analysis to understand the extent of the intrusion. It's likely they will pull systems out of quarantine gradually in phases.

These hacks are often deliberately carried out overnight when fewer staff are present. This gives them more control over the systems and increases their chances of success due to reduced monitoring and response capabilities.

It took MGM 10 days to get back up and running last year - cost them $100 million. So it could also be very bad.

Let's hope CDK is able to resolve this swiftly because it will have a massive impact on dealerships nationwide that rely on CDK DMS / E-Lead CRM.

Also the irony:
Something is off here.

They shut down?
Was it that they got turned off?

Most attacks are like flooding a service with too many calls. You cause the server software to stress the hardware so hard that it can't think anymore.

Why aren't they on CloudFlare or CloudFront? These services would help mitigate a mass bot calling.
They would still be up and running.

Is it an old framework issue? Most likely not. All of the places where you can type in information have most likely (hopefully) been hardened at the UI level and at the back end code level. This means you can't run database commands to dump data or enter some weird characters that will cause issues in your software and then get information directly or a hint to what you can attack next.

IAM Authentication is normally associated with Amazon AWS services.

If this was a developer issue, code can be rolled back if the team is paying attention.
eleadcrm .com doesn't load for me so the domain is turned off. It's like taking your phone number out of the telecom system rather than being sent to voicemail.

Or was this a social engineered AWS access issue, which would mean a "shut the damn thing down now" issue?