
Ransomware Attacks on the Automotive Sector Are Picking Up Speed

50% of Automotive Manufacturers Are Susceptible to a Ransomware Attack

The automotive industry has started to ramp up digitalization at its manufacturing sites, but cybersecurity is still an afterthought for most organizations. For cyber criminals who are adopting ransomware attack methods, this is music to their ears.

According to a recent ransomware trends report, close to 50% of the 100 largest automotive manufacturers are highly affected by ransomware attacks. Additionally, more than 17% of automotive suppliers will most likely incur a ransomware attack.

One headline-grabbing example of a successful ransomware attack that hit automakers hard was the 2017 WannaCry outbreak. This attack affected over 200,000 computers in over 150 countries. The victims included France’s Renault, where many industrial systems were exploited and the company was forced to temporarily idle some of its plants in Europe. Renault manufacturing plants in France, Slovenia and Romania were so affected that all their industrial activity was shut down and remained offline for days.

A more recent example of automotive manufacturing companies being attacked came when massive vehicle manufacturers Volkswagen and Audi fell victim to the “Conti” ransomware group. Over 3.3 million customers and interested buyers in the United States and Canada were affected by this attack. The attacker was able to obtain access to their networks by scraping an unsecured Microsoft Azure server. The stolen data includes email addresses, vehicle identification numbers, phone numbers, and physical addresses.

The threat landscape of automotive manufacturers will only continue to grow, and the need for improved cybersecurity will become more obvious as more automotive companies fall victim to cyber criminal attacks.

The Keys Are in The Cyber Criminals’ Glove Compartment 

No industry is safe from the threat of cyberattacks such as ransomware, and this is especially true of the automotive industry. Because of its use of legacy systems and its physical approach to cybersecurity, the industry as a whole needs to rethink its security strategy.

Until recently, the majority of automotive manufacturers believed the security of their manufacturing plants and enterprise IT systems was less of a priority. This meant that the typical automotive organization would keep any security attack or event out of the public eye, which resulted in their security teams ignoring the real risks at hand.

As the technology of automotive manufacturers is advancing, security is becoming more prominent not just inside the cars, but also in the manufacturing phase. According to an industrial threat research report by IBM, “automotive manufacturers were the top targeted manufacturing sub-industry in 2021, accounting for almost 1/3 of the total attacks against the manufacturing industry.”

As a result of the increasing number of attacks on the automotive manufacturing industry, organizations and their management teams are now taking security more seriously by getting a better understanding of their organization’s security strategy and how they can strengthen their security posture against attacks. While this is a good first step for organizations to understand where they are vulnerable, automotive manufacturers need to understand why cyber criminals see them as attractive targets.

Why Automotive Manufacturers Are Constantly Being Attacked 

As the automotive manufacturing industry has started to embrace more Industrial Internet of Things (IIoT) technology, it has created an endless number of security challenges. The most glaring security risk for automotive manufacturing systems comes from modernizing their technology to be more interconnected with the Internet, which has resulted in their OT environments being under attack. This has impacted automotive manufacturing plants, as process control devices and intelligent assembly manufacturing lines with PLCs are becoming less secure by the day. These threats are challenging the industry from a security and organizational perspective.

Additionally, cyber espionage is a large threat to vehicle development, production and delivery because the automotive industry is extremely competitive, not just between manufacturers but between countries, as there is a massive drive for new automotive technologies and innovation. As in other industries, North Korean and Russian threat actors have been linked to targeting the automotive industry. The state-sponsored attackers’ key initiative is to exploit the systems of automotive manufacturers and steal information that pertains to innovative research, developments and intellectual property, and in some cases even to slow down their production lines.

Another reason why state-sponsored attackers may target the automotive industry is to steal information on new technologies that are being developed for governments and the military. Targeting automotive constructors can provide cyber criminals with large amounts of information, which can include artificial intelligence, sensor detail, autonomous vehicle systems and discrete deployment information.

One of the more recent and popular methods that cyber criminals are implementing is attacking automotive manufacturers’ supply chains via third-party vendors. These external parties can be seen as low-hanging fruit for cyber criminals, as they are potentially easy entry points to compromise additional systems up the supply chain in order to gain access to the targets’ primary networks. If a third party is exploited, an automotive manufacturer would be presented with even more risks.

What Automotive Organizations Can Do To Prevent Attacks

Automotive manufacturers need to devote time and resources to gaining a better understanding of how vulnerable their systems are and what they can do to secure their organization’s data and systems. The first step in protecting the organization’s systems is to understand the different security challenges and risks that relate to automotive manufacturer systems and equipment, and which strategy is needed for better security.

With the number of successful state-sponsored attacks over the past few years, different industrial verticals, including automotive manufacturing, now understand the urgency of adopting the correct security practices when it comes to securing their OT environments. As more automotive organizations continue to modernize their OT equipment and connect their industrial networks to the Internet, it will open a door for cyber criminals to attack and move laterally within the OT networks.

Until recently, the typical automotive manufacturer used stand-alone systems and equipment. However, as technology has advanced, more organizations are connecting their legacy systems to the Internet to give third-party vendors access to work with their OT equipment. This new method of work has forced the security teams of automotive manufacturing companies to change their mindset and approach to securing their OT networks and equipment.

While the industry is taking time to adapt to this new security approach, it is great to see the ongoing increase in awareness that is shaping the industry to become more secure. Some organizations, like Coşkunöz Holding, have taken a more proactive approach to securing their OT assets with a passive network monitoring solution that is designed for OT environments. Coşkunöz Holding now has complete visibility into their OT networks and an up-to-date inventory of all their production assets, including detailed critical asset visibility and vulnerability management capabilities.

To avoid becoming victims of the next widespread ransomware attack, the automotive industry needs to implement a more proactive security approach that is based on detecting and mitigating risks within their production environment. By implementing the right OT security approach with awareness and technology, the automotive manufacturing industry can benefit significantly, ensuring their servers and systems are secure from incoming cyber attacks.

To learn more about how smart organizations like Coşkunöz Holding are expanding their OT visibility into their automotive manufacturing plants, check out their OT Security case study here: https://www.scadafence.com/resource/global-automotive-aerospace-manufacturer-expands-ot-visibility-and-cybersecurity/

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of the world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

How to Prevent Social Engineering Attacks

When it comes to cybersecurity, many think about protecting themselves against hackers who use technological flaws in a system to steal data. But cyberattacks are not just malware intrusions; there are other ways to infiltrate organizations and networks with the victim’s consent and without the victim’s knowledge of what is going on. This type of deception is known as social engineering, which in essence is manipulating someone until sensitive data and access permissions are granted.

A well-known example of this is when an intruder poses as the IT support of a particular company, asking users to provide information such as their usernames and passwords. The scam is accomplished when this information is shared.

It is surprising how many people do not think twice about sharing this information, especially if it looks like it is being requested by a legitimate representative.

With this in mind, we bring you some information on guarding against these attacks. Keep reading and learn how to protect yourself from social engineering attacks.

What Is Social Engineering?

The definition of social engineering covers many types of psychological manipulation. The concept can generate positive results when it is applied to the area of behavioral promotion.

Information Security, however, tends to treat social engineering as an evil that provides benefits to the criminals, involving manipulation to obtain private information, such as personal and financial data. Thus, social engineering can also be defined as a cybercrime.

How Does Social Engineering Work?

Unfortunately, humans still follow some established patterns in how they relate to one another. Social engineering works by taking advantage of these cognitive biases, which criminals use to steal financial and personal information.

A strong example of this can be seen in the human tendency to trust people who look nicer and more friendly, or who hold a position of higher authority.

Social engineering techniques exploit this natural human trust. In 2018, vacation rental phishing scams, in which hackers impersonated owners offering real vacation listings, were common enough that the US Federal Trade Commission issued a warning about them.

In many cases, the contact information and emails of the real owners were hacked, leaving little reason for victims to think they were not discussing a rental with the real owner.

Who is Most Vulnerable to Social Engineering?

Anyone can fall victim to a social engineering attack. Everyone has cognitive biases that, most of the time, go unnoticed in social life.

However, there are some particular groups that are, in a way, “easy” targets for these criminals, such as the elderly, who may not have knowledge of technology, generally have fewer human interactions, and may be perceived as having a lot of money and goods to spare.

What Are Common Social Engineering Techniques?

Social engineering techniques can take many forms. Below we list the commonly used techniques.

Trust Exploitation

Users are less suspicious of people they are familiar with. An attacker can become familiar with system users before the social engineering attack. The opportunist can participate in social events and other environments, which makes the attacker familiar to users.

Intimidating Circumstances 

We tend to avoid people who intimidate others around us. Using this technique, an attacker could pretend to have a heated discussion on the phone or with an accomplice to the scam, and could then ask users for information that would be used to compromise the security of their system.

Users are more likely to give the correct answers just to avoid a confrontation with the criminal. This technique can also be used to avoid being checked at a security checkpoint.

Phishing

This technique uses tricks and deception to obtain users’ private data. The social engineer might try to impersonate a genuine website, such as Google, and then ask the unsuspecting user to confirm their account name and password.

This technique can also be used to obtain credit card information or any other valuable personal data.

Exploiting Human Curiosity

Using this technique, the social engineer can deliberately leave a virus-infected USB stick in an area where users can easily pick it up. The user will likely connect the USB stick to the computer.

The USB stick might then run the virus automatically, or the user might be tempted to open a file with a name such as Employee Review Report 2013.docx, which might actually be an infected file.

Exploiting Human Greed

Using this technique, the social engineer can entice the user with the promise of earning big money online by filling out a form and confirming their details with credit card information, etc.

How to Protect Yourself from a Social Engineering Attack?

Social engineering attacks are stealthy. This makes it critical for everyone to be aware of the threat. Some best practices you can follow to ensure you are protecting yourself from social engineering attacks include:

  • Never respond to a request for financial information or passwords. Legitimate organizations will not send a message asking for personal information.
  • Adjust your spam filters. Every email program has spam filters; make sure yours is set to block potential threats.
  • Protect your computing devices and accessories. That means protecting your digital space with antivirus software, firewalls, and email filters. It also means protecting USB sticks, external hard drives, and other pieces of equipment that could be compromised.

Finally, managers must develop plans to raise awareness among the staff. There are many essential precautions available on the internet, and for corporate environments, the in-house team needs to be aware of how to protect against digital threats.

Making sure employees are aligned for this purpose is an essential step in the process of preventing social engineering attacks and other cyberattacks.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.