The automotive sector, throughout its history, has proved to be a very important and constantly growing industry, mobilizing ever-increasing amounts of money. Perhaps for this very reason it has become one of the most tempting targets of cybercrime.
It is this same economic component, associated with the application of technological innovation (connected vehicles, autonomous vehicles, etc.), which places both companies and entities in the sector in the crosshairs of malicious agents and cybercriminals.
High degree of vulnerability to cyberattacks, S21sec conclusions
We now report the recent conclusions of S21sec, one of the main European cybersecurity providers, which analyzed in detail the cyber activity of the automotive industry throughout 2022.
Its conclusions identify a considerable increase in incidents of different kinds. Most of the detected cyberattacks had, as their initial entry vector, the exploitation of a vulnerability in the organizations' infrastructure.
At the same time, ransomware attacks, access sales, database sales and data breaches were also identified, namely those stemming from security holes.
On this subject, experts warn that criminal activity against companies in this sector will increase in the coming months.
Ransomware is an imminent threat
Ransomware is a type of attack whose objective is to gain access to one or more computers in order to encrypt the information of a target, be it a user or an organization. The attackers then demand a ransom in exchange for its return.
It has positioned itself as one of the main threats that the automotive industry can face.
In fact, until September of this year, there were 41 ransomware attacks against organizations in this sector, with the month of March standing out for the high number of incidents.
The ransomware groups that most targeted this sector were the Lockbit group, with 10 attacks against car companies, and the Conti group, with 8.
Regardless of the sector, these two groups were among the most active during 2022, although it is possible that the trend will change in the coming months, since the Conti group ceased its activity after the publication of its source code.
These types of attacks have evolved into double and triple extortion techniques. In a double extortion attack, cybercriminals, in addition to encrypting data, threaten the victim with publishing or selling the information they have encrypted.
In the case of triple extortion, in addition to threatening to publish the stolen data, the attacker applies pressure with DDoS attacks on the victim’s technological infrastructure.
Selling Sensitive Information on the Deep Web
S21sec also identified an increase in the sale of initial access on Deep Web forums by the so-called IABs (Initial Access Brokers).
These brokers obtain different types of access to organizations (such as equipment access credentials, VPN or RDP access) through different tactics and techniques, and then sell that access on various ‘underground’ forums or to affiliates of ransomware groups.
During the analyzed period, 24 sales of initial access to companies in the automotive sector were found in different underground forums such as Exploit, RAMP or XSS.
5 recommendations for companies
Security agency experts share the following recommendations for these companies primarily dedicated to the manufacture and sale of vehicles:
Raise the team's awareness of cybersecurity issues and be aware of insider threats. The human factor is, in most cases, what facilitates cyber incidents.
Do not use corporate email to register on sites outside the entity, and pay attention to emails, SMS and WhatsApp messages sent by unknown people, etc.
Implement strong cybersecurity policies across companies, monitoring all behaviors and activities carried out inside and outside the organization that put the business at risk.
Regularly audit the entire technological infrastructure of the organization, not forgetting the OT component.
Keep operating systems, antivirus and detection programs, among others, constantly updated and apply, as soon as possible, all the security patches published by different companies to correct the security vulnerabilities of the systems.