Cyber Threats: The 2023 VicOne Automotive Cyberthreat Landscape Report identifies the supply chain as the primary target of increasing cyberattacks on the automotive industry. This also shows a list of cyber-based trends and incidents that have threatened the automotive industry.
VicOne has unveiled its new Automotive Cyberthreat Landscape Report 2023. The comprehensive annual report on cyber threats across the automotive industry is based on data from automotive original equipment manufacturers (OEMs), suppliers and dealers worldwide and includes the following key points:
- The indication of the growing use and monetization of automotive data - and the associated risk of exploitation by cybercriminals
- A list of cyber-based trends and incidents that have threatened the automotive industry this year
- Forecasts on upcoming threats and how to ensure an effective cybersecurity strategy for the next year and beyond
“In our analysis of the threat landscape, we found that automotive industry losses from cyberattacks exceeded $11 billion in the first half of the year, an unprecedented increase compared to the last two years,” VicOne said Automotive Cyberthreat Landscape Report 2023.
$11 billion lost due to cyberattacks
A closer look shows that these cyberattacks were primarily aimed at automotive suppliers, which indicates an increasing risk potential in these areas. What's alarming is that over 90% of these attacks targeted other companies in the supply chain rather than the OEMs themselves. Cybercriminal attackers often find it difficult to penetrate well-protected companies, so they instead target less vigilant companies.
The Cyberthreat Landscape Report 2023 report addresses the cybersecurity challenges associated with the increasing complexity of vehicles due to the use of improved connectivity and automation, as well as the emergence of advanced driver assistance systems (ADAS). It shows that industry losses are increasing due to cyberattacks via ransomware and the exposure of sensitive business data or personally identifiable information (PII), as well as costs associated with system failures.
Many security holes discovered
The calculations in the VicOne Automotive Cyberthreat Landscape Report 2023 are based only on the tangible costs incurred associated with damaged or blocked technology and disruption to production operations, and not on intangible costs of cyberattacks such as brand maintenance, public relations, sales and marketing expenses.
The report identifies the main security vulnerabilities that can compromise vehicle data and lists the Common Weakness Enumeration (CWE) vulnerabilities in tables. The most common vulnerabilities documented by VicOne include out-of-bounds write (OOBW), out-of-bounds read (OOBR), buffer overflow, use after free vulnerabilities, and incorrect input validations. Most vulnerabilities were found in chipsets or systems-on-chip (SoCs) circuits, followed by vulnerabilities in third-party management applications and in-vehicle infotainment (IVI) systems. Third-party providers such as logistics companies, service providers and component, accessory or parts manufacturers are increasingly being targeted by hackers.
Last year's attack patterns
The VicOne report includes case studies of some of the top attack patterns from the last year. These include the Zenbleed vulnerability, which can lead to the leakage of sensitive data at a remarkably high speed of 30 kB/s per computer core, the so-called CAN bus injection, which has become a popular technique among vehicle thieves, and Penetrating the backend cloud infrastructure by exploiting vulnerabilities in telematics systems and application programming interfaces (API).
Directly to the PDF report at VicOne.com
About VicOne
With a vision to secure the vehicles of tomorrow, VicOne offers a broad portfolio of cybersecurity software and services for the automotive industry. VicOne's solutions are specifically designed to meet the stringent requirements of automotive manufacturers and are designed to meet the specific needs of modern vehicles.