Dealerships and Viruses

4411740630?profile=RESIZE_400xNew car showrooms are closed.  Inventory is backing up.  Auto dealers are cash strapped and ready to negotiate a good deal, almost any deal.  So, if a person in the market for a new car, in good health and has a solid job (even with the various state “lock downs”), the timing is very good to buy a new car.  Car shopping will currently be electronic, but salespersons are willing to sell cars and reduce their inventories.  If you are a savvy online shopper and ready to negotiate a price by email or phone; you’re in luck.

The rules facing car dealerships vary from city, county, state or even auto manufacturer rules.  Some government rules are allowing showrooms to stay open.  Some places do not permit ANY sales, including online sales.  These are two ends of the sales spectrum for dealers to follow during the Corona Virus outbreak.  US governors can set rules, but local rules will take precedent.  This all due to a “virus.”

How desperate are auto dealers?  Auto sales are a cash-flow business and this current virus-related pandemic is directly affecting the economic impact on dealerships; and it’s severe.  Some auto analysts are saying, “If you rely on selling 10 cars a day, and you’re selling one or zero, that’s $350,000 a day.”

There are about 16,700 car dealers in the US and 4,752 in Canada.  Everyone is feeling the pinch.  AutoNation, the US’s largest chain of car dealerships, recently laid off 7,000 workers and said it would delay $50 million in capital spending.[1]   Penske Corporation, which runs another large dealer chain, said it would furlough an unidentified number of workers and delay $150 million of capital investment.  This is matching the 2008-2009 financial slump’s effect on the auto sales industry.  Some believe this time, it’s worse.

US passenger vehicle sales were already falling since its historic yearly peak of 17.46 million vehicles sold in 2016.  Auto debt is also a problem.  Economists are warning that 7 million car customers were 90 days or more behind on their auto loans in 2019.  Automakers were already trying to avoid widespread negative profit sales incentives.  Then the COVID-19 “virus” pandemic hit North America.

If currently looking to buy a car, the best price breaks will go to those willing to negotiate and walk away if the dealer does not agree to a “reasonable” price.  Even in traditional tough sales times, salespersons will naturally try to squeeze out the highest price possible while upselling options and extras.  Although no dealership is willing to go on the record admitting it, auto industry experts say dealers will sell at a loss to keep some cash coming in.  One big reason cash flow is low during these times, is that people are not bringing in their cars in for service, a once profitable cash flow operation. 

Even with online transactions, delivering the car and finalizing the paperwork involves human interaction and therefore a risk of exposure, however many believe to be small risk.  Many car dealers and most banks can, in 2020, accommodate electronic signatures and/or can deal with paperwork transactions via private or public mail services.[2] 

The ease of online, virtual car buying will vary - depending on the dealer.  The range in online expertise can be seen on the websites of two different California Toyota dealerships, who sell the same products.  Analysts discovered that it was difficult to figure out whether a car could be bought online at one of the two Toyota dealers.  The chat function of this dealer had to be checked twice to see if “Internet Sales” were supported.  What appeared to be a human on the other end, answered they “didn’t know.”   The other Toyota dealership web site included a dropdown option on its homepage marked, “Express Store” that seamlessly takes a buyer through the entire purchase process.  Yet, at the end of this e-transaction the customer is instructed that a sales representative would help complete the paperwork (with the distinct possibility of an upselling opportunity). 

OK, so you are ready to buy a new car “on-line” due to the current “virus.”  Well, what about the other viruses?  Cyber viruses.  That is, malware used to steal your personal identifying information (pii), needed to complete a sales purchase.  If you are ready to buy a car online, how would you know if the dealership’s network is compromised with malware – you DON’T.  As recently as January 2020, a sales manager at a US Northeast area auto conglomerate, we will call the Acme Automotive Group, had credentials exposed online.  Red Sky Alliance discovered this damning information through our RedXray analytical tool; specifically observing data breach collections.  With bad actors’ permission to an Acme’s sales team account, attackers would have access to sensitive sales data which likely includes private customer information, or their pii.  The fact that this compromised network account is a manager, means a hacker would have access to many other privileged customers financial information links in the service, loan and rental departments.

4411774610?profile=RESIZE_400xRed Sky Alliance has been has analyzing and documenting cyber threats for 8 years and maintains a resource library of malware and cyber actor reports.  We can assist in the installation, updating and monitoring of firewalls, cyber security and provide employee training which are keys to blocking cyber-attacks.  Please feel free to contact our analyst team for research assistance and check out our CTAC and RedXray Threat Analysis tools. 4411779633?profile=RESIZE_400x

What can you do to better protect your organization today?

  • All data in transmission and at rest should be encrypted.
  • Proper data back-up and off-site storage policies should be adopted and followed.
  • Update disaster recovery plans and emergency procedures with cyber threat recovery procedures.
  • Institute cyber threat and phishing training for all employees, with testing and updating.
  • Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.
  • Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
  • Ensure that all software updates and patches are installed immediately.
  • Enroll your company/organization in RedXray for daily cyber threat notifications are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, with having to connect to your network.
  • Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.

 Conclusion

Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives.  Internal monitoring is common practice.  However, external threats are often overlooked and can represent an early warning of impending attacks.   Red Sky Alliance can provide both internal monitoring in tandem with RedXray notifications on external threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting.  Red Sky Alliance is in New Boston, NH   USA.     We   are   a   Cyber   Threat   Analysis   and   Intelligence Service organization.     For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

Interested in a RedXray subscription to see what we can do for you?  Sign up here: https://www.wapacklabs.com/redxray    

Reporting:   https://www.redskyalliance.org/

Website:      https://www.wapacklabs.com/

LinkedIn:     https://www.linkedin.com/company/wapacklabs/

Twitter:        https://twitter.com/wapacklabs?lang=en

[1] https://www.cnbc.com/2020/04/03/autonation-furloughs-thousands-of-workers-due-to-coronavirus.html

[2] https://www.latimes.com/business/story/2020-04-08/buying-car-online-dealers-coronavirus

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!