CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks Wednesday. That led to an outage that has continued to impact operations.

For prospective car buyers, that’s meant delays at dealerships or vehicle orders written up by hand. There’s no immediate end in sight, but CDK says it expects the restoration process to take “several days” to complete.

  • Admiral Patrick
    6 months ago

    I was about to comment similarly.

    This is why I always advocate against cloud and “always connected” services for critical line-of-business software (and software for personal use, but that’s a slightly different but also similar argument).

    I’m unclear if CDK is a cloud service that’s offline for customers, but it sure sounds like it. The other possibility is a supply-chain attack which affected local installs, such as what happened with SolarWinds a few years ago, but with that many dealerships being simultaneously affected by CDK shutting down their systems, it seems more like the former.

    one of the ways to avoid this sort of thing happening would be a diverse array of software to choose from

    In an ideal world, that would be the case. But as is often the case with niche business software, there’s usually only a few players (if that many), and any newcomers are either bought out or can’t compete.

    • Flying Squid
      16 months ago

      Isn’t that monopolistic though? I realize this is a pipe dream, but wouldn’t it be theoretically possible to use the law to stop that?

      • Admiral Patrick
        6 months ago

        I don’t know much about the market for car dealership software, but I work for a non-profit that deals with environmental remediation. Finding LOB software that meets our needs is an absolute nightmare because it’s so niche. What we can find is either crazy expensive, doesn’t do what we need it to do, is from some terrible fly-by-night vendor, or some combination of those. So when you do find something that mostly meets your needs, you pretty much have to take what you can get.

        The government can incentivize or contract out companies to write software, but AFAIK, they can’t compel any company to do so. IANAL, but I would also assume they’d need to stop approving any M&As that may be contributing to market consolidation.

        You basically nailed it with “pipe dream”.

        • Flying Squid
          16 months ago

          I guess the only other option would be for the companies to write the software themselves, which they don’t have the time or the money to hire people to do, I’m sure.

          • Admiral Patrick
            6 months ago

            Right.

            In reality, we’d end up with about a million Access “databases” (or Excel files) getting emailed around, lost, stolen, corrupted, etc. (ask me how I know that lol).