As the automotive industry becomes more digitalized, the risk of cyber threats grows. In fact, cybercrime in the automotive industry has grown by more than 600% since 2016, affecting equipment manufacturers, fleets, telematics, after-market service providers, ride-sharing services, and more.1 The rise in criminal activity results in a disruption to business, stolen property, and ransom demands.
Just where do the vulnerabilities lie and what kinds of information could hackers potentially obtain? The answers might surprise you.
Intellectual Property Theft
From driverless cars, vehicle tracking and remotes shut-downs, the automotive industry is getting more sophisticated by the day. To a cybercriminal, gaining access to trade secrets is always a win and once a hacker gets ahold of sensitive company information, they have the ability to sell it on the dark web or hold it for ransom. The majority of the time access to a company’s most sensitive intel begins with a single phishing email. One wrong click and the hacker can download malicious software (malware) and penetrate your company network.
Consider the first publicly planned car hacking:
- In 2015, technology researchers Charlie Miller and Chris Valasek showed the automotive industry just how serious cybercrime could be when they hacked into a Jeep Cherokee through its internet-connected dashboard entertainment system. Like something out of a futuristic movie, the researchers were able to gain control of the car’s engine, brakes, and steering. As a result, Fiat Chrysler issued a safety recall of 1.4 million vehicles in the U.S. which carried the company’s uConnect system.2
Though it was purposely conducted by researchers, similar hacks have happened since then and with the help of stolen intellectual property, cybercrimes like these are much easier to conduct.
Credential Harvesting
One primary phishing tactic is gaining access to an employee’s credentials in order to access customer information and company functionalities.
- In 2010, a disgruntled employee hacked into the database of his former Texas Auto Center employer and disabled more than 100 cars in the Austin area.3 The company used equipment known as Webtech Plus that lets car dealers install a small piece of technology under the dashboard that allows the dealer to disable a car’s ignition or trigger the horn to sound if payments are not made.
Data Breaches
- The personal data of 110,000 CityBee car-sharing customers was stolen and then uploaded to cyber-hacking The data included users' names, personal identification numbers, telephone numbers, e-mail and home addresses, driver's license numbers, and encrypted passwords.4
- Driverless cars also present an enormous potential for a data breach because they rely on vast amounts of user data in order to operate.
Ransomware
- In 2019, Braman Motors, a Florida car dealership experienced a ransomware attack in which access to all of their essential files and databases were locked. The cybercriminals demanded 65 Bitcoins or about $600,000 in ransom.5
Stronger Automotive Cybersecurity Begins With Fighting Phishing
From an industry standpoint, SAE J3061™: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems laid the groundwork for cybersecurity standards in 2016, providing guidance and best practices. More recently, cybersecurity certification has become mandatory in many European countries.6
Of course, the most important cybersecurity measures rest in the arms of those who could become victims. Organizations throughout the automotive industry are at great risk of cyberattacks on a regular basis, and yet many go unprotected. According to one study, nearly 30 percent of companies in the automotive segment lack a cybersecurity team to help combat pending threats.7 Clearly, it’s time for companies in the automotive industry to change their approach to cybersecurity and take the actions necessary to protect themselves.
The best way to fight cybercrime is to combat email phishing – especially considering successful cyberattacks start with phishing emails 91% of the time.8 Thankfully, innovative and effective solutions exist. One that stops email phishing threats before they can destroy companies.
INKY provides the most comprehensive email phishing protection available – capable of stopping malware, ransomware, and more. How? INKY scans every sent and delivered email automatically and flags malicious emails, protecting you from even the most complex threats. INKY’s intelligent machine learning algorithms identify abnormalities in emails, even if the threat has never been seen before. INKY’s Banner warns employees of threats while protecting and training them at the same time.
Installation is simple too. INKY is compatible with just about every email platform and our installation team has most customers are up and running in under an hour – even with remote employees. Schedule a demo or inquire today.
----------------------
INKY® is the most effective hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and a finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.
1Source: https://www.helpnetsecurity.com/2020/01/06/automotive-cybersecurity-incidents/
2Source: https://www.bbc.com/news/technology-33650491
3Source: https://www.wired.com/2010/03/hacker-bricks-cars/
5Source: https://scalirasmussen.com/news/2020/03/01/ransomware-attack-hits-car-dealer
7Source: https://cisomag.eccouncil.org/2764-2/
9Source: https://securityintelligence.com/posts/automotive-cybersecurity-new-regulations/