While most car buyers worry about getting ripped off by salespeople, a more insidious threat has emerged behind the scenes. Over 100 auto dealerships across the country have fallen victim to a sophisticated cyber attack targeting their websites. The culprit? A supply chain compromise of LES Automotive, a shared video service used by numerous dealerships. Talk about hitting multiple targets with one stone.
The attack deployed something called “ClickFix” – a nasty little trick that shows visitors fake reCAPTCHA prompts or error messages. Unsuspecting users are told to copy commands and paste them into their Windows Run prompt. Just like that, SectopRAT malware infiltrates their computers. Pretty clever, actually. The malware gives attackers remote access to victims’ machines, allowing them to steal personal information and wreak digital havoc. This incident underscores why regular assessments are crucial for adapting to rapidly evolving cybersecurity threats.
Once you’ve been fooled by a fake reCAPTCHA, these digital carjackers own your computer and everything in it.
Researchers found Russian-language comments embedded in the malicious code, suggesting Russian-speaking cybercriminals are behind this mess. It’s part of a broader campaign targeting multiple industries. The hospitality sector got hit with similar attacks recently. These aren’t amateur hackers – they’re sophisticated operators who know exactly what they’re doing.
For dealerships, the fallout is brutal. Customer data potentially compromised, operations disrupted, and reputations damaged. This is reminiscent of the June 2024 BlackSuit ransomware attack on CDK Global that paralyzed operations for over 15,000 dealerships nationwide. Financial losses add up quickly between downtime and cleanup costs. The auto industry has become a prime target for cybercriminals, with 17% of dealers reporting attacks in the past year. Nearly half experienced negative impacts. Turns out, dealerships make perfect targets – lots of valuable data, interconnected systems, and often mediocre security.
The attack exploits a fundamental weakness in how businesses operate today. Everyone relies on third-party vendors, but who’s checking if those vendors are secure? Clearly not enough people. These incidents highlight why due diligence in selecting and monitoring supply chain partners is absolutely critical.
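Monitoring starts with knowing which outside hosts a site loads code from. The sketch below is an added example, not code from the incident or from any vendor: it inventories third-party script tags in a page and flags those without a Subresource Integrity hash. It assumes vendor content arrives through script tags, and the sample HTML and hostnames are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; hostnames are placeholders, not from the incident.
SAMPLE_HTML = """
<html><head>
<script src="/static/site.js"></script>
<script src="https://video.vendor.example/player.js"></script>
<script src="https://cdn.vendor.example/lib.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//widgets.other.example/chat.js"></script>
</head><body><script>console.log("inline")</script></body></html>
"""


class ScriptAudit(HTMLParser):
    """Collects every script tag whose src points at a host other than our own."""

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party_host = first_party_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attributes = dict(attrs)
        src = attributes.get("src")
        if not src:
            return  # inline script: no external host involved
        host = (urlparse(src).hostname or "").lower()
        if not host or host == self.first_party_host:
            return  # relative path or our own domain
        # "pinned" means the tag carries an integrity hash, so the browser
        # refuses the file if the vendor's copy changes.
        pinned = bool(attributes.get("integrity"))
        self.findings.append({"host": host, "src": src, "pinned": pinned})


def audit(html, first_party_host):
    parser = ScriptAudit(first_party_host)
    parser.feed(html)
    parser.close()
    return parser.findings


def unpinned_hosts(html, first_party_host):
    """Hosts that can change what visitors' browsers execute at any time."""
    return sorted({f["host"] for f in audit(html, first_party_host) if not f["pinned"]})


if __name__ == "__main__":
    for host in unpinned_hosts(SAMPLE_HTML, "dealer.example"):
        print("unpinned third-party script host:", host)
```

Vendors that update their scripts frequently may not support a fixed integrity hash, so treat the unpinned list as the set of partners whose changes need monitoring rather than as a pass/fail result.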
As dealers scramble to remove the malicious code and notify customers, one thing’s certain: in today’s digital world, it’s not just the cars that need regular security inspections.