The annual report reveals automotive-related cyber threat trends and analysis in light of recently drafted and adopted cybersecurity standards and regulations as well as the COVID-19 pandemic; the report also includes a one-of-a-kind analysis of automotive cyber threats identified throughout the deep and dark web.
HERZLIYA, Israel – December 15, 2020 – Upstream Security, a leading provider of cloud-based automotive cybersecurity solutions, today released its 2021 Global Automotive Cybersecurity Report. The annual report shares in-depth insights and analysis derived by analyzing 633 publicly reported automotive cyber incidents spanning the last decade, highlighting vulnerabilities and threats identified during 2020.
For the first-time-ever, the annual report offers an in-depth mapping of all 2020 automotive cyber incidents to the threats listed in the UNECE WP.29 regulation as well as an analysis of the risk levels of specific incidents as required by the ISO/SAE 21434 regulation. The report also includes an inaugural segment focused on non-disclosed automotive-related cyber incidents discovered throughout the deep and dark web.
2020 has been a year of disruption in the automotive industry, both because of COVID-19 and the new automotive cybersecurity standards and regulations. The rising number of connected vehicles increases the entry points and vulnerabilities that hackers can leverage, and the ever-growing automotive cyber threat landscape continues to develop.
“With the continued rise of cyber attacks against the automotive industry and the regulatory requirements that were developed in response, now more than ever, OEMs and Tier-1 and Tier-2 automotive suppliers must take heed of the cyber threat landscape,” said Oded Yarkoni, Upstream Security’s VP of Marketing. “Knowing and assessing automotive cyber threats both on the surface and on the deep and dark web is the first step in developing an effective cybersecurity management system and complying with the cybersecurity demands of both regulators and consumers.”
Upstream’s 2021 Global Automotive Cybersecurity Report introduces key findings of the Upstream AutoThreat Intelligence research team as well as cybersecurity recommendations for automotive stakeholders:
- Connected vehicles are here to stay: The rising number of connected vehicles leads to increased vulnerabilities and entry points for hackers to leverage; more than 200 automotive cyber incidents were publicly reported in 2020 alone.
- Most automotive cyber hacks were carried out by hackers with malicious intent: In 2020, 55% of hacks were carried out by black-hat hackers to disrupt business, steal property, and demand ransom. 38.6% of hacks were committed by white-hat hackers and researchers, including those as part of an automotive bug-bounty program.
- There was a growth of servers targeted in 2020: The three most common attack vectors over the last decade were servers, keyless entry systems, and mobile apps, with a 73% growth in server attacks in 2020. All three top attack vectors are attacked remotely, and as seen in 2020, 77.8% of all incidents were remote attacks.
- The number of automotive-related CVEs is growing: To date, there have been 110 CVEs (Common Vulnerabilities and Exposures) related to the automotive industry, 33 in 2020 compared to 24 in 2019.
- Theft of data and vehicles were among the top impacts of cyber attacks in 2020: 36% of incidents in 2020 involved data and privacy breaches, and 28% of incidents involved thefts or break-ins.
- Standards and regulations indicate an industry-wide recognition of cyber threats: When mapping cyber incidents from 2020 to threats indicated by the UNECE WP.29 regulation, 89.9% of incidents related to threats to vehicles regarding their communication channels and 86.7% related to threats to vehicle data/code, the top two threat categories.
- While COVID-19 slowed down many automotive operations, cyber attacks were on the rise: OEMs and automotive suppliers were prime targets during the pandemic, with a cyber attack even shutting down a major OEM. The pandemic also led to factory closures, assembly-line shutdowns, supply chain interruptions, and even some OEMs pivoting their activities altogether.
- The deep and dark web contains a noticeable amount of automotive-related hacks and threats: The most frequent and significant automotive hacks discussed on the deep and dark web include ECU tuning, infotainment hacking, selling stolen identities to access OEM and smart-mobility accounts, and leaking automotive source code or data.
- Automotive cybersecurity has been recognized as vital: The automotive cybersecurity market is expected to grow over the next decade, with OEMs recognizing that security-by-design, automotive cyber threat intelligence, and a well-established VSOC (vehicle SOC) with an integrated cybersecurity solution is integral to the safety and security of their vehicles and assets.
A full copy of the free report is available for download at the Upstream Security website: www.upstream.auto/2021Report
Request access to Upstream AutoThreat Intelligence: www.upstream.auto/AutoThreatAccess
About Upstream Security:
Upstream Security offers a cloud-based automotive cybersecurity and data analytics platform purpose-built for connected vehicles and smart mobility services. Upstream’s platform fuses machine learning, data normalization, and digital twin profiling technologies to detect anomalies in real-time using existing automotive data feeds. Coupled with AutoThreat Intelligence, the first automotive cybersecurity threat intelligence feed, Upstream provides unparalleled cybersecurity and data-driven insights, readily available and seamlessly integrated into the customer’s environment.
Upstream is privately funded by Alliance Ventures (Renault, Nissan, Mitsubishi), Volvo Group, Hyundai, Nationwide Insurance, Salesforce Ventures, CRV, Glilot Capital Partners, and Maniv Mobility.