The automotive sector, throughout its history, has proven to be a very important and constantly growing industry, mobilizing increasing amounts of money. Perhaps for this very reason it has become one of the most tempting targets of cybercrime.
It is this same economic component, associated with the application of technological innovation (connected vehicles, autonomous vehicles, etc.), which places both companies and entities in the sector in the crosshairs of malicious agents and cybercriminals.
High degree of vulnerability to cyberattacks, S21sec conclusions
We now publish the recent conclusions of S21sec, one of the main European cybersecurity providers. The company analyzed in detail the cyberactivity of the automotive industry throughout 2022.
Their conclusions identify a considerable increase in incidents of various kinds. Most of the cyberattacks detected had, as their initial entry vector, the exploitation of a vulnerability in the infrastructure of organizations.
However, and simultaneously, there were attacks of data hijacking, sale of accesses, sale of databases and data breaches. That is, from security holes.
On this issue, experts warn that criminal activity against companies in this sector will increase in the coming months.
Data hijacking is an imminent threat
Data hijacking (ransomware) is a type of attack whose objective is to access one or more computers to encrypt the information of a target, be it a user or an organization. The attackers then demand a ransom in exchange for its return.
It has positioned itself as one of the main threats that the automotive industry can face.
In fact, up to September of this year, there were 41 ransomware attacks against organizations in this sector, with the month of March standing out due to the high number of incidents.
The data hijacking groups that attacked this sector the most were the Lockbit group, with 10 attacks against car companies, and the Conti group, with 8.
In fact, regardless of the sector, these two groups were among the most active during 2022, although the trend may change in the coming months, since the Conti group ceased its activity after the publication of its source code.
These types of attacks have evolved into double and triple extortion techniques. In a double extortion attack, cybercriminals, in addition to encrypting the data, threaten to publish or sell the information they have encrypted.
In the case of triple extortion, in addition to threatening to publish the stolen data, the attacker puts pressure on the victim’s technological infrastructure with DDoS attacks.
Selling confidential information on the deep web
S21sec also identified an increase in the sale of initial access on Deep Web forums by so-called IABs (Initial Access Brokers).
These brokers obtain different types of access to organizations (such as access credentials to equipment, VPN or RDP access), using different tactics and techniques, and then sell that access on various ‘underground’ forums or to affiliates of ransomware groups.
During the period analyzed, 24 sales of initial access to companies in the automotive sector were found on different underground forums such as Exploit, RAMP or XSS.
5 recommendations for companies
Security agency experts share the following recommendations for these companies dedicated mainly to the manufacture and sale of vehicles:
- Raise the team's awareness of cybersecurity issues and be aware of insider threats. The human factor is, in most cases, the one that facilitates most cyber incidents;
- Do not use corporate email to register on sites outside the entity, and pay attention to emails, SMS and WhatsApp messages sent by unknown people;
- Implement strong cybersecurity policies in all companies, monitoring all behaviors and activities carried out inside and outside the organization that put the business at risk;
- Regularly audit the entire technological infrastructure of the organization, without forgetting the OT component;
- Keep operating systems, antivirus and detection programs, among others, constantly updated and apply, as soon as possible, all security patches published by different companies to correct the security vulnerabilities of the systems.