[cmyx6go]

Car dealerships hit with second day of massive computer system outage.

A second cyber incident at data provider CDK Global, whose software is used at 15,000 auto dealers, continued to slow operations to a near-standstill Thursday at US and Canada dealerships, the company said in a message sent to dealers.

I read yesterday that this brought dealers to a standstill. They couldn't perform service, make appointments and of course couldn't process sales. I hope no one is scheduled to take delivery today.

https://www.yahoo.com/finance/news/c...200629129.html

[DriveModerately]

surely they will pass this cost off to the consumer

[dreamingat30fps]

This might have been what happened when I picked up my truck yesterday from the Ford dealer. I had an issue with the pricing they were giving me and they claimed their system was down and they couldn't look anything up or change my invoice. Their credit card machine seemed to work just fine though.

They did end up charging me the correct amount, but were unable to change the invoice or anything like that.

[vreihen16]

Ask me why I'm not going to miss the IT field one bit when my forced retirement begins at the end of the month!

My DW keeps prodding me with IT job postings because I can't afford to retire yet, but I'd rather be a deck hand on a garbage scow than out-numbered 10,000 to 1 by threat actors and scammers coming at me from every direction.....

[vreihen16]

Pizza. If the end user calls to complain, you just ship them another pizza. After 45 minutes, the pizza is digesting and does not require any more customer support.

As for the money part, just open a pizza business near JJ 911SC and you'll be set for life.....

[CTinline-six]

Yup, let's make everything streamlined and cheaper by using cloud systems... until something happens and then everything is F'ed at the same time.

[vreihen16]

Quote:

Originally Posted by CTinline-six

Yup, let's make everything streamlined and cheaper by using cloud systems... until something happens and then everything is F'ed at the same time.

The onion layer defense model using separate clouds for everything does have a few upsides. The small city where I work just suffered a ransomware attack last week, and their commodity cloud services like email didn't seem to be impacted.

Of course, they probably haven't seen the double-extortion plot twist yet, or the massive DDoS attack against surviving resources to put them further out of business just as they start recovering.....

[Silence*]

As someone who works in parts at a BMW dealership that uses CDK... I can confirm its pretty much a nightmare right now. Most of our systems are tied into CDK so I have no way of giving quotes with prices, making invoices or even seeing if we have a part in stock right now. We also don't have any kind of back up system to locally switch to so... yeah. Fun times. My vacation next week can't start soon enough lol.

[Lady Jane]

Quote:

Originally Posted by vreihen16

As for the money part, just open a pizza business near JJ 911SC and you'll be set for life.....

Like a bordello next to a Viagra factory. And I'm not into the fruity wine. Yet...

[M_Six]

I get pissed off when I see these jackass hackers get busted and then they get some slap on the wrist sentence like 3-5 years. Start putting these maggots away for 20-30.

[iminhell1]

Quote:

Originally Posted by Silence*

As someone who works in parts at a BMW dealership that uses CDK... I can confirm its pretty much a nightmare right now. Most of our systems are tied into CDK so I have no way of giving quotes with prices, making invoices or even seeing if we have a part in stock right now. We also don't have any kind of back up system to locally switch to so... yeah. Fun times. My vacation next week can't start soon enough lol.

I do Agricultural parts, we use CDK for everything also. Ya, it sucks. Today won't be any better.

[XutvJet]

This is the danger of putting all your eggs in one basket (software company). Russia, China, or Iran are likely behind this given the extent.

My son is going to school for cyber security/computer science. He looks forward to playing cat and mouse with these hackers.

[eliphil]

Quote:

Originally Posted by M_Six

I get pissed off when I see these jackass hackers get busted and then they get some slap on the wrist sentence like 3-5 years. Start putting these maggots away for 20-30.

This is a fundamental problem in our country that has to change

[vreihen16]

I read in another forum that Audi advised all of their impacted dealerships to go out and buy manual-punch time clocks for their mechanics to track warranty labor hours, because they are not expecting a quick recovery.....

[zx10guy]

Quote:

Originally Posted by M_Six

I get pissed off when I see these jackass hackers get busted and then they get some slap on the wrist sentence like 3-5 years. Start putting these maggots away for 20-30.

Quote:

Originally Posted by eliphil

This is a fundamental problem in our country that has to change

I get more pissed off that people responsible for implementing security are not punished at all despite gross negligence. To me there needs to be financial penalties and possible jail time for those that shirk their professional responsibilities. Two situations come to mind are the OPM and Equifax breaches. Both of these were entirely preventable as both had notice of a specific vulnerability that required patching which they ignored to address.

[BMWGUYinCO]

I work in IT and within Healthcare.

Our genius CIO decided 2 years ago to move our critical, non-cloud native EHR system to the Azure cloud...but cheaped out on paying for cloud redundancy (Azure globally redundant storage, or "RA-GZRS" and a recovery environment in another availability zone). "The cloud doesn't ever fail" he told me. We went into Azure....for anyone in the business, you know that cloud is actually staged within geographic regions called an availability zone in order to reduce latency over distance.

And guess what? Our Azure availability zone experienced a 12 hour failure about 8 months ago. Did I tell you I work in critical healthcare?

Of course, everyone rushed me and asked how this could possibly happen...I explained the scenario and produced the emails and documentation I had, that showed I had expressed my opinion that we should absolutely pay for RA-GZRS as well as stage a recovery environment in another availability zone but that didn't matter one bit - I was back-whipped until my team could work with Microsoft to restore services.

But that CIO received a massive bonus payout last year for reducing costs. There is little hope for Corporate America and especially in IT, as the prevailing theory is that we "can do more with less".

[zx10guy]

Quote:

Originally Posted by BMWGUYinCO

I work in IT and within Healthcare.

Our genius CIO decided 2 years ago to move our critical, non-cloud native EHR system to the Azure cloud...but cheaped out on paying for cloud redundancy (Azure globally redundant storage, or "RA-GZRS" and a recovery environment in another availability zone). "The cloud doesn't ever fail" he told me. We went into Azure....for anyone in the business, you know that cloud is actually staged within geographic regions called an availability zone in order to reduce latency over distance.

And guess what? Our Azure availability zone experienced a 12 hour failure about 8 months ago. Did I tell you I work in critical healthcare?

Of course, everyone rushed me and asked how this could possibly happen...I explained the scenario and produced the emails and documentation I had, that showed I had expressed my opinion that we should absolutely pay for RA-GZRS as well as stage a recovery environment in another availability zone but that didn't matter one bit - I was back-whipped until my team could work with Microsoft to restore services.

But that CIO received a massive bonus payout last year for reducing costs. There is little hope for Corporate America and especially in IT, as the prevailing theory is that we "can do more with less".

I would expand on the "can do more with less" with if we don't see an actual dollar figure on ROI, then it's not worth spending the money. This applies to what you brought up with redundancy and resiliency along with security and backups. This goes back to what I said concerning the people in charge of overseeing critical systems particularly in the realm of security. With my examples in my initial post here, you have people's PII being dumped into the dark web that we have to deal with the ramifications not the ass in charge that made our data vulnerable which we didn't volunteer for them to hold in the first place. And in the case of OPM, the same thing. People that applied for, have, or held high level security clearances now have their deep personal histories held by the CCP. Again, the ass in charge didn't get punished in any way. A contractor was used as a scapegoat in typical government fashion.

[vreihen16]

https://www.usatoday.com/story/money...t/74175607007/

A group that says they hacked software company CDK Global is demanding tens of millions of dollars in ransom, Bloomberg reported.

Quote:

CDK, which provides software to car dealerships in North America, intends to pay the ransom but discussions are subject to change, according to Bloomberg's report which cited a person familiar with the situation.

The source said the group behind the hack is believed to be based in eastern Europe, Bloomberg reported.

[anthon.a]

they are supposed to Deliver my i4-M50 on Thursday, I wonder if it will get pushed back.

Big companies are big targets, we sometime meets SMB customers dealing with BIG outsourced ERP and we are dumbfounded when we see all the missing security... "what no MFA" no "conditional access" , what you can login from anywhere???

[OCRick82]

I stopped by to visit a buddy at the BMW dealer by my house yesterday and they were either still down or experienced a new attack.

Crippled,some customers were ticked but what can you do?

[Our03z4]

My BIL works for CDK and they've had him not working since the attack. Still has to be on call but has nothing to do as he can't access anything.