Over the past few months, the automotive industry has faced a blight of ransomware attacks, which have affected the availability of new cars and parts, dealership payroll and inventory, and, as a byproduct, global economies. According to the Center for Automotive Research, the automotive industry and related goods and services account for as many as 8 million jobs in the US, demonstrating the potential economic effects of recent attacks.
Notable recent disruptions to the automotive industry:
CDK
Beginning on June 19, 2024, BlackSuit ransomware targeted CDK, a software solution that provides car dealerships with inventory, invoicing, and payroll tools. As reported by multiple sources, CDK paid a $25 million ransom payment to the threat actors. Even with the alleged payment, the restoration of CDK services proved to be a monumental effort, with some organizations still working to fully restore operations. However, the ransom payment pales in comparison to the estimated business interruption losses this event has caused, which is assessed to be as high as $1 billion- a significant blow to the US economy.
AutoCanada
AutoCanda, a support software for dealerships primarily located in Canada, faced a security incident beginning on Sunday, August 11. At the time of this reporting, no threat actor has claimed responsibility for the incident, and the cost of business interruption is yet to be assessed. This cyber disruption comes amid difficult times for AutoCanada, which reported a loss of $33.1 million in Q2 2024.
Toyota
A threat actor operating under the monicker, ZeroSevenGroup,leaked approximately 240 GB of data associated with Toyota to the dark web. The leak includes personal and professional contact details, financial records, customer profiles, business plans, employee information, and more, according to Cyber Press. While this incident may not directly affect Toyota’s ability to conduct business, it could produce reputational challenges and prompt significant data security inquiries.
Analyst Comments
The automotive industry continues to face a myriad of challenges, from supply chain issues during COVID, to significant dealer markups, to plummeting used car prices. Now, recent cyberattacks bring the industry’s supply chain and third-party tools under scrutiny. In the coming months, it is likely that dealerships and manufacturers will increasingly evaluate and undertake heightened due diligence into their third-party supply chain to assist in mitigating their cyber risk exposure.
Sources
CDK hack shows SEC disclosure standards are unsettled
TOYOTA Data Breach – Hackers Group Leaked 240 GB of Data Online
AutoCanada discloses cyberattack impacting internal IT systems
The Used Car Market Is Collapsing in 2024 – What Buyers and Sellers Need to Know
Wallets tied to CDK ransom group received $25 million two days after attack
CDK warns: threat actors are calling customers, posing as support
Contribution of the Automotive Industry to the Economies of all Fifty State and the United States
Related Resources
![]()
Iranian Hackers Working with Ransomware Groups
An Iranian threat group linked to the GOI collaborates with ransomware affiliates, aiding network access and extortion for a ransom share.
Read more![]()
FIN7 Return Drives Increase in Cl0p Ransomware Attacks
FIN7 resumed operations in April 2024, fueling a rise in Cl0p ransomware attacks. Their partnership poses a heightened threat, using malvertising and trojans to target victims.
Read more![]()
Malware Spotlight: Fog Ransomware
The Fog ransomware group is one of the few threat actors targeting one industry: education. This spotlight explores the group’s observed behavior, background information on the threat actor, and a technical analysis of Fog’s ransomware executable.
Read more
