While connected vehicles can offer many benefits, it also brings a risk of increased cyber attacks. Recent examples have included state-backed actions, says Upstream’s comprehensive analysis.
The cyber-security specialist’s free 90-page 2022 Global Automotive Cybersecurity Report covers 244 known automotive cyber incidents during 2021.
This report was created by analyzing 900 publicly reported incidents that occurred since 2010, with an increase of more than 225% in the number of incidents taking place in 2021 alone, when compared to 2018.
It is possible that additional automotive cyber attacks occurred but have not been publicly reported, adds Upstream.
Its analysts connected the dots between the 900+ incidents to deliver actionable insights:
- The ISO/SAE 21434 standard and global regulations including WP.29 R155 & R156
- Charging network vulnerabilities
- The rising number of automotive-related attacks are carried out remotely (84.5% of total attacks)
- Black-hat hackers are becoming increasingly active, accounting for 56.9% of incidents
The report aims to answer the question being asked by OEMs: How will companies protect the hundreds of millions of vehicles that are expected to be on the road by 2025, each expected to produce at least 25GB of data per hour, from today’s known threats and unknown future threats?
The ongoing battles occurring in the cybersecurity space are said to be carried out by state-sponsored hacking groups who are increasingly targeting public systems that impact the day to day lives of its citizens. Like many hacks, it is difficult to pinpoint their locations or any official government approval to their actions, yet they focus on similar targets and impact.
There have been a number of incidents, covered in the report. For example in November 2021 it was discovered that American companies including healthcare and transportation firms, were hit by cyber attacks conducted by foreign government-backed groups that have been operating as far back as September 2020.
According to a cybersecurity alert published by the U.S. Department of Homeland Security (DHS), the hacking group had launched disruptive cyber attacks against a wide range of U.S. companies as the hackers managed to exploit old software vulnerabilities in products made by major software developers to break into victim computer networks.
An American-Japanese multinational cybersecurity software company claims that in 2021 regional state-sponsored threat actors have been targeting transportation organizations and government entities related to the transportation sector since the middle of 2020.
The threat actors have been around since 2011, conducting cyber attacks against organizations in government, healthcare, high-tech, and transportation sectors in Hong Kong, the Philippines, and Taiwan.
Also in 2021 two major Israeli public transport companies were hit by a ransomware attack and had their data leaked to the darknet. In addition to the stolen data, the attack had brought the companies’ websites down.