As the automotive industry rapidly transforms into a smart mobility ecosystem, the complexity and scale of cyberattacks are growing. Emerging threats include vulnerabilities in connected vehicles, the use of generative AI (GenAI) to lower the bar for threat actors, increasingly diverse attack vectors, and threats from the deep and dark web.
The rise of connected fleets, EV charging stations, IoT devices, and mobile services provides attackers with more surfaces to exploit. Additionally, advancements in GenAI enable black hat hackers to execute large-scale attacks more quickly and effectively than ever before.
According to Upstream Security’s “2024 Global Automotive Cybersecurity Report,” the following trends have been observed:
1. Shift from Experimental to Large-Scale Attacks
The nature of cyberattacks in the automotive sector has changed significantly. What were once sporadic experimental attacks have evolved into large-scale, impactful incidents. By 2023, the number of high-scale events capable of affecting thousands to millions of mobile assets increased by 2.5 times compared to 2022. This shift indicates both enhanced attacker capabilities and increased vulnerabilities within the automotive ecosystem.
Severe cyberattacks, such as ransomware attacks on OEMs or Tier 1 suppliers, can lead to business disruptions or production delays. Data breaches and privacy invasions are also common and costly. As commercial fleet operators (e.g., car rental, logistics, and delivery companies) increasingly rely on networks and software for vehicle management, their cybersecurity risks multiply. Remote updates pose greater risks than physical updates, as wireless communications open doors to large-scale cyberattacks that could simultaneously impact multiple vehicles or entire fleets.
2. GenAI Brings Both Benefits and Risks
As the automotive industry’s competitive edge continues to be driven by digital transformation, the adoption of generative AI (GenAI) is inevitable. GenAI offers new opportunities for cybersecurity defense tools but also lowers barriers for attackers. Threat actors can leverage large language models (LLMs) to quickly identify vulnerabilities and learn how to exploit them, automate sophisticated phishing attacks, generate convincing fake content (social engineering), and create malware capable of adapting and evading detection systems. Its adaptability and efficiency make it possible to bypass traditional cybersecurity measures and launch large-scale attacks successfully.
API attacks are particularly vulnerable to GenAI threats. Attackers can use GenAI to explore API documentation and target backend servers, resulting in data breaches or denial-of-service attacks. These attacks can originate from any entity communicating with the API, including the vehicles themselves, charging stations, mobile applications, and third-party apps. To counter the new attack methods introduced by GenAI, deploying advanced detection, investigation, and resolution capabilities early is crucial.
3. Increasingly Diverse Attack Vectors
As connected vehicles become more prevalent, their complex software architectures significantly increase the risk of cyberattacks. Vulnerabilities in connected vehicle systems, automotive APIs, and supporting infrastructure can be exploited to remotely control vehicles and access sensitive data, posing significant threats to safety and privacy.
According to Upstream Security’s analysis of 2023 attack incidents, 95% of attacks were executed remotely, with 85% being long-distance attacks (e.g., API-based attacks). These attacks rely on network connections (e.g., Wi-Fi, Bluetooth, 3G/4G/5G) and can potentially impact large numbers of vehicles simultaneously.
Attacks on backend servers and infotainment systems have surged, with server-related incidents growing to 43% in 2023, an 8% increase from 2022. Common scenarios include black hat attackers exploiting backend server vulnerabilities to target vehicles in motion. Attacks on infotainment systems have also doubled, rising from 8% in 2022 to 15% in 2023.
EV charging infrastructure is another primary target for attackers. Beyond the risk of network threats disrupting the charging process, new threats related to various charging attack vectors continue to increase, including vehicle-to-charging network, grid-to-vehicle, and grid-to-fleet attacks. Chargers are susceptible to physical and remote manipulation, exposing EV users to fraud, data breaches, and even ransomware attacks. As EVs become more widespread, ensuring the security of this critical infrastructure is paramount.
4. The Rise of the Deep and Dark Web
The deep and dark web have become hotbeds for automotive cyber activities. Threat actors use these platforms to share knowledge, tools, and strategies, significantly increasing the scale and impact of attacks. In 2023, activities related to the automotive and smart mobility ecosystem on the deep and dark web increased by 156%, with 64% of cyberattacks conducted by black hat hackers.
According to Upstream Security’s analysis of automotive cybersecurity activities on the deep and dark web, examining the 300 most active threat actors revealed that nearly half of the activities (48%) targeted multiple OEMs or automotive suppliers rather than a single OEM/automaker. Monitoring and mitigating threats from these underground networks will be a key focus for automotive cybersecurity professionals in the future.
Security Design and Multi-Layered Cyber Defense
In addition to adhering to vehicle safety design principles, it is essential to deploy proactive multi-layered cybersecurity architectures to protect vehicles at every stage of their lifecycle. Various security solutions can be employed, including endpoint security, network security, cloud security, API security, and internal segmentation techniques.
For instance, leveraging automotive cloud technology can extend detection ranges to a wide array of mobile assets and network threats, including vehicle telematics, OTA updates, remote commands, and diagnostics. This technology can also identify multi-vehicle attacks through a comprehensive fleet security view across vehicles, applications, and other connected services.
OEMs and charging point operators (CPOs) should continuously deepen cybersecurity risk assessments and deploy cybersecurity solutions to protect strategic EV charging infrastructure. As cyber threats evolve, the industry must remain vigilant and adaptive to ensure the safety and reliability of connected and autonomous vehicles.
Reference: https://upstream.auto/reports/global-automotive-cybersecurity-report/
