As vehicles become increasingly complex and more connected to the Internet, they are also becoming more vulnerable to cyber attacks. Not only are threat actors targeting connected cars, they are also conducting cyber espionage campaigns targeting manufacturers to gain competitive advantage. FireEye has seen multiple intrusions in the automotive industry in Europe over the past few years, mainly from Chinese attackers. Additional activity has been seen from North Korea and Vietnam.
The threats FireEye is observing targeting the automotive industry include:
Cyber espionage for competitive advantage: Cyber espionage remains a high threat to the industry, given its highly competitive nature and market pressure to deliver the latest technological and mechanical innovations. FireEye has most often observed malicious activity targeting the automotive industry for cyber espionage purposes from groups linked to China, but also found activity from North Korean and suspected Vietnam-linked groups. These state-sponsored threat actors aim to steal information from automotive manufacturers such as proprietary research, development data, and intellectual property that could provide an economic or competitive advantage.
Cyber espionage for military use: Nations also conduct cyber espionage campaigns against the automotive industry to obtain information on technological progress that can be appropriated for military applications. Stealing intellectual property from an automotive designer or manufacturer could provide nations with data regarding variety of technologies useful for militaries, including autonomous vehicle systems, artificial intelligence (AI)-related technologies, and sensor packages, without needing to conduct the often expensive and time-consuming research and development associated with these technologies.
Cyber threats to manufacturers: FireEye has observed numerous exposed control systems from industrial environments and manufacturing plants in the automotive sector across Europe and globally. While these environments are targets for malicious cyber activity, smaller companies in supply chains have also been targeted, as they are often perceived as an easier target for cyber actors to compromise, then used to abuse trusted connections in the supply chain to access the main target’s networks. The compromise of a manufacturer, whether directly or through a trusted third-party, could allow a range of malicious activities, including theft of sensitive data, disruption of manufacturing processes, and compromise of vehicle-based computer systems.
Cyber criminals targeting connected vehicles: As more cars use keyless entry systems and electronic fobs to lock and unlock car doors, criminals have increasingly exploited vulnerabilities in these systems to gain unauthorised access to vehicles. Additionally, security researchers have conducted proof-of-concept (PoC) compromises against vehicles to illustrate how threat actors can exploit vulnerabilities in a car’s systems—even if they are not in the target’s immediate proximity. Manipulating cars on the road poses an immense physical danger to drivers, passengers, and those in the surrounding area.
Risks to autonomous vehicles: As automotive companies begin to develop vehicles with more autonomous capabilities, researchers have found ways to disrupt vehicle sensors, allowing them to interfere with systems such as road sign recognition. While there is only a low likelihood that criminals will conduct this type of activity on a large scale due to the technical complexities involved, the automotive industry’s race to develop autonomous vehicles will likely lead to an increase in cyber espionage activity. This activity could include cyber espionage actors stealing a competitor’s artificial intelligence technologies from one organization to accelerate a competitor’s driverless car research and development, disrupting a company’s research operations, sabotaging development efforts, and other similar malicious activities.
Ransomware campaigns on the automotive industry: FireEye has observed ransomware campaigns affecting the automotive industry across Europe, which can cause substantial data loss. This activity includes the WannaCry ransomware campaign, which disrupted the operations of many companies globally, including in the automotive industry.
“From Internet of Things devices to connected cars, adversaries are increasingly capitalising on the heightened connectivity of today and using it unlawfully to gain a competitive or financial advantage. The danger to the automotive industry is particularly worrying due to the potential physical safety risk of a successful attack. To combat these threats, the sector must continually improve security measures and build strong, proactive defences into vehicles to protect against these malicious activities,” said Parnian Najafi Borazjani, Senior Threat Analyst at FireEye.