Cyber ​​attacks: automotive industry badly affected

Cyber ​​attacks: automotive industry badly affected

Share post

A new study shows that the automotive industry and suppliers are particularly often affected by cyber incidents. Trend Micro has examined the cyber attacks and evaluated the data: it shows 50 significant security incidents between 2021 and 2022.

Trend Micro publishes a new study on automotive cybersecurity. The analysis of more than 50 significant security incidents between January 2021 and June 2022 shows: All areas along the production and supply chain are affected. Suppliers are particularly at risk. Ransomware attacks and data theft are the most common. The Japanese IT security specialist also identifies high-risk areas of networked cars and makes security forecasts for 2023.

Rapid development forces security gaps

The automotive industry is under pressure to master the transformation to electromobility. Due to the energy crisis, the development has picked up speed. More and more electric cars are coming onto the streets. However, the changes in the industry also increase the risk of security vulnerabilities that can be dangerous for manufacturers, suppliers and customers. Cyber ​​criminals exploit vulnerabilities along the entire production and supply chain. According to the study by VicOne, Trend Micro's subsidiary specializing in automotive cybersecurity, suppliers are most often affected: They were involved in 67 percent of the incidents investigated.

Smaller suppliers in particular are often less well protected against cyber attacks and take longer to recover. This leads to production delays and failures. The greatest risk is currently ransomware attacks. During the study period, 43 companies from the automotive industry were victims of such attacks. Malware from the Conti family was used most frequently. There were also nine data incidents. In particular, customer information (41,7 percent) and sensitive company information (16,7 percent) were stolen.

Three high-risk areas

In the context of connected vehicles, Trend Micro has also identified three high-risk areas that are particularly vulnerable to cyberattacks. Manufacturers should have these on their agenda:

Charging stations for e-cars

Charging stations and battery management systems can easily become targets for hackers. Electric cars typically use lithium polymer batteries and require extensive intelligent controls to work well. Compared to a conventional car, an electric vehicle has more sensors and uses more communication protocols. Security gaps can arise, especially when exchanging data with the charging station.

Cloud APIs (Application Programming Interfaces)

Most cars today have integrated SIMs (eSIMS) through which they communicate with a backend cloud server. This enables applications, for example, to lock and unlock the vehicle remotely or to exchange traffic data with other participants. A cloud API is an important part of the network architecture and must be well secured. In the automotive industry, vehicle-specific cloud APIs are used, which can have vulnerabilities.

Remote Keyless Entry (RKE) systems

RKE makes it possible to unlock a car and start the engine without having to put a physical key in the lock. A radio frequency (RF) signal is usually used. There are numerous vulnerabilities in such RKE systems that attackers can easily exploit to steal the vehicle. Although these vulnerabilities have been known for a long time, they have not yet been completely closed.

Security forecasts 2023

In addition to the three high-risk areas, the study identifies several security trends that security managers in the automotive industry should pay particular attention to in 2023:

  • Ransomware will continue to impact the automotive supply chain.
  • Vulnerabilities in open source software components used in vehicle development are a growing risk.
  • Over-the-air attacks such as replay, relay, jamming, and man-in-the-middle are on the rise.
  • In-vehicle infotainment and telematics control (IVI/TCU) systems are infected with malware.
  • Because chip-level design is often insecure, vulnerabilities and attacks will increase.
  • Cyber ​​criminals will exploit OTA (Over the Air) data transmission to compromise data flow or inject malicious code in software updates.
  • Attackers can bypass the digital locks that manufacturers equip vehicles with.

"In 2022 we observed numerous cyber attacks in the automotive industry - both on the supply chain and on connected vehicles," says Udo Schneider, IoT Security Evangelist Europe at Trend Micro. “In 2023, the risk of cyber incidents will continue to increase, as hackers find a growing attack surface and attractive targets here. Many of the threats can be averted by using techniques and security best practices that have been proven in other areas.”

More at TrendMicro.com

 


About Trend Micro

As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.


 

Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more