Cyber Security Today, June 24, 2024 – Ransomware gang reportedly behind hack of car dealership software provider

Share post:

The BlackSuit ransomware gang is reportedly behind the hack of car dealership software provider.

Welcome to Cyber Security Today. It’s Monday June 24th, 2024 . I’m Howard Solomon, contributing reporter on cybersecurity for

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

The BlackSuit ransomware gang is behind the cyberattack of CDK Global, a software company providing a management suite for car dealerships and parts manufactures. That’s according to Bleeping Computer, which cites multiple anonymous sources. Listeners who caught my Week in Review podcast over the weekend will recall that one of the topics David Shipley and I discussed was the double cyber attack last week on CDK Global. Thousands of car dealerships and parts manufacturers in the U.S., Canada, Mexico rely on its management suite. The company was hit twice: The intrusion was detected on Wednesday, so IT systems were shut. Later the same day some solutions were restored — only to see another attack within hours. That’s led to speculation the company may have restored service before completely cleansing the IT environment, or a second attacker exploited the same vulnerability as the first. Bloomberg News reports the attacker is demanding tens of millions of dollars in ransom from CDK Global. I asked the company for comment on the Bloomberg report. On Sunday afternoon a spokesperson only said that  it will take several more days to restore all of its IT systems. Meanwhile it is helping partners with alternate ways of doing business. CDK Global is part of Canadian-headquartered Brookfield Asset Management, part of Brookfield Corp.

IT administrators who haven’t patched their SolarWinds’ Serv-U file transfer applications are in trouble. Hackers are already looking for unpatched Windows and Linux versions after word of a vulnerability was publicized early this month, say researchers at GreyNoise Labs. The vulnerability allows an unauthenticated attacker to access any file from the file system. The researchers know this application is under attack because they deployed a honeypot to see how much action it attracts.

Many threat actors are using a remote access trojan called Rafel to compromise Android devices of corporate employees. Now cyber defenders can read background research on how Rafel works and what to look for. The research was put out by Check Point Software, which notes most targets have been in the U.S., China and Indonesia. Victims have also been seen in France, Russia, Italy, Germany and India The danger is that employees’ contact lists could be leaked, as well as two-factor login authentication codes. IT and telecom administrators should note that mobile devices with older versions of Android — versions 11 and lower — are the most commonly exploited. In fact devices running Android versions 11, 10, 9 and 8 account for more than 50 per cent of infections. Lesson to IT leaders and employees: Continuing to use old Android devices that can’t get security updates is a big security risk. IT and security leaders should also have policies forbidding employees from downloading applications from anywhere except approved app sites. Malware for mobile devices is often distributed through apps that pretend to be legitimate and spread through sites including Instagram and WhatsApp.

Financial Business and Consumer Solutions, an American collection agency, has updated the number of people affected in a February data breach. Initially it said just over 1.9 million people were affected. In the latest filing with Maine’s attorney general’s office it now says just over 3.4 million were affected.

Medical device manufacturer LivaNova is notifying over 129,000 Americans of an October, 2023 cyber incident which resulted in the theft of personal information. That included names, phone numbers, email addresses, Social Security numbers, dates of birth and medical information.

Jeans manufacturer Levi Strauss is notifying over 72,000 people who bought products on its web site of a possible data breach. On June 13th a hacker launched a credential stuffing attack on the Levi website and may have seen information of customers who opened an online account. That included their names email addresses, physical addresses, and partial credit card information if the buyer saved the payment method.

Ventura County Credit Union, a California financial institution, is notifying over 44,000 people of a data breach after an outsider was able to access an employee’s email account in January. The information included people’s names, Social Security numbers and financial account information.

Finally, people doing online searches for the Oculus vitural reality software are being tricked into downloading malware. Researchers at eSentire say victims who aren’t careful are getting a fake Oculus installer that takes screenshots of their devices for capturing passwords or other sensitive information. The malware also automatically clicks through ads, generating revenue for crooks. Oculus, now called Meta Quest, can only be obtained from Meta. There is no free version of the software.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Amazon reviews losing trust as number of fake reviews are uncovered

Amazon's customer review system, once trusted for its verified buyer opinions, is increasingly under scrutiny as more and...

Apple Vision Pro U.S. sales plummet

Apple's Vision Pro headset, priced at $3,500, is experiencing a significant drop in U.S. sales. Market analysts report...

Security research team claims to have helped avert a major supply chain attack

JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious...

Phishing attacks on state and local governments surge by 360%

Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways