Upstream’s New 2024 Automotive Cybersecurity Report is Officially Released

Latest insights show that high-scale cyber incidents doubled in 2023, with attacks growing in sophistication and magnitude

Ann Arbor, MI – February 7, 2024 – Upstream Security, the leading provider of the cybersecurity detection and response platform for the automotive industry, today released the 2024 Upstream Global Automotive Cybersecurity Report. This sixth edition of the report puts a spotlight on how automotive and mobility cyber threats have evolved and grown in magnitude and impact – from experimental hacks to massive-scale attacks.

Report key insights and findings:

  • In 2023, the number of high and massive-scale incidents potentially impacting thousands to millions of mobility assets increased by x2.5 compared to 2022
  • 95% of attacks are executed remotely, and 85% of them are long-range
  • 64% of cyber-attacks are performed by black hat actors
  • In 2023, deep and dark web activities related to the Automotive and Smart Mobility ecosystem have increased by 165%
  • Nearly 65% of deep and dark web cyber activities had the potential to impact thousands to millions of mobility assets
  • Attacks on telematic and application servers account for 43% of all attacks (up from 35% in 2022)
  • 37% of threat actors actions had far-reaching impact – targeting multiple OEMs simultaneously (as opposed to impacting just a single OEM/auto manufacturer)
  • Attacks on infotainment systems have almost doubled in 2023 – accounting for 15% of all attacks (up from 8% in 2022)
  • APIs are especially susceptible to Generative AI threats since attackers can use GenAI to explore API documentation

Yoav Levy, Upstream Security CEO and Co-Founder: “Automotive cybersecurity is reaching an inflection point. Cyber incidents have grown significantly in sophistication and reach, threatening safety, and sensitive data, and carrying operational significant implications. With threat actor motivation shifting towards high and massive-scale impact on connected vehicles and mobility assets, the findings from Upstream’s new 2024 Automotive Cybersecurity Report highlight why today it’s more crucial than ever to proactively safeguard vehicles, mobility applications and IoT devices against automotive cyber threats..”

Upstream’s report is the culmination of months of research and analysis by Upstream’s cyber research teams. Upstream experts investigated nearly 1500 reported automotive cybersecurity incidents over the last decade, 295 reported in 2023 alone, and monitored hundreds of deep and dark web forums, marketplaces and malicious ‘chatter’ to compile the comprehensive report.

This year’s report also provides eye-opening insights on the financial impact of cyber attacks, providing an actionable framework for measuring the monetary impact of cyber attacks in real-world scenarios.

Upstream’s Predictions for 2024

Looking ahead to 2024, the Upstream report also provides predictions on projected shifts in the automotive threat landscape:

  • The competitive advantage in the Automotive industry will continue to be driven by digital transformation, requiring stakeholders to secure APIs and expand vSOC coverage to monitor API-related threats.
  • GenAI will have a profound impact on automotive cybersecurity stakeholders, introducing new large-scale attack methods but also equipping stakeholders with advanced detection, investigation, and mitigation capabilities.
  • OEMs and Charging Point Operators (CPOs) continue to deepen cybersecurity risk assessments and deploy cybersecurity solutions to protect strategic EV charging infrastructure
  • Initial signs of regulatory fatigue, amid the maturity of UNECE WP.29 R155 and the abundance of new regulations emerging worldwide, mainly in China.

Levy concluded: “There’s a growing understanding amongst cybersecurity stakeholders charged with securing connected vehicle fleets, EV charging stations and infrastructure, IoT devices and mobility services that they need to significantly bolster their cybersecurity defenses to protect against massive scale attacks. This is especially true with GenAI’s growing prevalence and its role in lowering threat actors’ barriers for entry, and enabling black hat actors to perpetrate large-scale attacks faster and more effectively than previously possible.”

Download the 2024 Upstream Global Automotive Cybersecurity Report

cybersecurity incidents

About Upstream Security

Upstream provides a cloud-based data management platform purpose-built for connected vehicles, delivering unparalleled automotive cybersecurity detection and response (V-XDR) and data-driven applications. The Upstream Platform unlocks the value of vehicle data, empowering customers to build connected vehicle applications by transforming highly distributed vehicle data into centralized, structured, contextualized data lakes. Coupled with AutoThreat Intelligence, the first automotive cybersecurity threat intelligence solution, Upstream provides industry-leading cyber threat protection and actionable insights, seamlessly integrated into the customer’s environment and vehicle security operations centers (vSOC).

Media Contact: [email protected]

Newsletter Icon

to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Upstream Welcomes ex-Fujitsu Executive to Expand Operations in Japan

Mr. Toshiya Sato will spearhead Upstream’s accelerated growth in the region; Upstream also releases the Japanese edition of its 2024 Global Automotive Cybersecurity Report 日本語プレスリリ�

More Details

Upstream Security and Drivesec Team Up to Offer Automated Penetration Testing with Real-time Threat Monitoring for Automotive and IoT

The joint offering expands and automates cyber risk assessments, testing, and compliance with product-driven threat intelligence as well as detection & response Torino, Italy &…

More Details

Upstream Security Receives Investment from Cisco Investments as the Demand for IoT Cybersecurity Soars

Connected vehicles and mobile IoT devices introduce additional layers of cyber risks, posing threats to operational availability and sensitive data security Read more on Cisco’s…

More Details

Upstream unveils Ocean AI to improve investigations and mitigation of complex cyber attacks

Upstream’s Ocean AI powers the next generation of the mobility and vehicle security operations center (vSOC), delivering unprecedented efficiencies, scalability, and optimizations Ann Arbor, MI&hell

More Details

Upstream Security Named Newest Member of CLEPA, the European Association of Automotive Suppliers

Upstream joins world-leading experts in contributing insight on critical policies in the field of cybersecurity in automotive Herzliya, Israel – March 14, 2024 – Upstream…

More Details

Upstream and BlackBerry IVY® Announce Joint Innovative Demo at CES 2024

Demo highlights significant cost savings and intelligent cybersecurity detection & response for connected and software-defined vehicles Ann Arbor, MI – January 04, 2024 – Upstream Security,&h

More Details