Auto Dealers and Cyber Security June 2021

9029238069?profile=RESIZE_400xAuto News recently published a cautionary article reporting, “Auto dealers are getting better at protecting their computer networks from cyberattacks, an information technology consultant who works with dealerships told me last week.  They are investing in phishing training, a process that tests whether employees click on suspicious emails and trains those who do on proper security practices.  More are carrying cyber insurance.  They are talking to colleagues in industry peer groups about best practices.  Just as dealerships have improved their defenses against hackers, the hackers have started using a different playbook.” 

In the past, criminal hackers would deploy automated programs that would lock up files once someone clicked a malicious link or attachment in an email.  Then antivirus software and firewalls improved and started blocking the malware.  Hackers are smart and pivoted to new techniques.  Today, when they gain access to networks, they embed malware into systems to figure out how systems are designed and create a malicious foundation for a cyber-attack before it is launched.[1]

The attacks in question, often ransomware variants, can be devastating to a dealership.  In the forefront is the Colonial Pipeline ransomware attack, which resulted in the ransom payment of USD $4.4 million.  Auto dealerships are not immune.  So have dealerships.  A cyber security firm who specializes in supporting auto dealerships says, "we see credible, critical-level threats a few times a week."  "The attackers have identified industries where they're not doing enough defense.  And dealers are one of those."

New threat intelligence software can better detect hackers rooting around inside computer networks, but it's newer technology, and many dealerships aren't yet using it.  Awareness to the severity of cyberattacks and what's at stake for dealers, including the possibility of having their operations shut down entirely, is a top priority.  "Dealers have always struggled with readiness when it comes to cybersecurity.  Dealers started doing more things, but now the game has changed substantially, and they are not ready," said the researcher.    

Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives.  Internal monitoring is common practice and very important, however, external threats are often overlooked and can represent an early warning of impending attacks.  Red Sky Alliance can provide both internal monitoring in tandem with RedXray notifications on external threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting. 

Red Sky Alliance is in New Boston, NH   USA.     We   are   a   Cyber   Threat   Analysis   and   Intelligence Service organization.     For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or

Interested in a RedXray subscription to see what we can do for you?  Sign up here:   


E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!