Upstream’s researchers analyze critical automotive risks and vulnerabilities
The 2024 Report Highlights
From Experimental to Massive-Scale Attacks
Automotive and mobility cybersecurity risks have evolved from experimental hacks to large-scale attacks, shifting the industry's focus to impact. The number and scale of cyber incidents has grown significantly, threatening passenger and vehicle safety and carrying operational implications.
- In 2023, the number of high and massive-scale incidents potentially impacting thousands-millions of mobility assets increased by x2.5 compared to 2022
- 95% of cyber attacks are executed remotely, 85% of them are long-range
- High and massive-scale attacks can potentially impact up to millions of mobility assets (e.g. vehicles, charging stations, companion apps, backend systems)
EV Charging – The Growing Threat FrontierEV charging stations are a growing battleground for attacks.
EVs make up approximately 15% of global new car sales and are expected to gain the majority of market share of new car sales by 2040. As the number of EVs and charging stations increase, more and more threat actors are looking to attack charging stations.
- Charging stations can be attacked remotely and by creating extensive charging demand - causing widespread denial of service
- Attackers are looking to hack charging points to gain access to private consumer info such as credit card data
- Regulators are stepping up their focus on promoting regulations to secure EV charging stations against cyber risks
The Impact of Generative AIGenAI is becoming a critical tool for threat actors, enabling them to facilitate large-scale attacks faster and more effectively than previously possible.
Threat actors use GenAI as a tool to automate complex phishing attacks and create malware that can evade detection systems. The flip side of the coin is that security stakeholders can also use GenAI to transform automotive cybersecurity operations:
- Quickly analyze massive amounts of cybersecurity data and alerts
- Accelerate investigations to ensure effective remediation
- Generate deep insights based on real-time cybersecurity data
Upstream’s Predictions for 2024
Cyber attacks are continuing to grow in frequency, sophistication and impact. Attack vectors are varied, and this year there was a marked jump in the frequency of attacks on telematics and application servers as well as on infotainment systems.
Looking ahead to 2024 these are our top predictions:
- The automotive digital transformation will continue to introduce large-scale attack vectors
- As vehicles become more software-defined, attention will shift to securing APIs and IoT devices
- GenAI is expected to become a critical tool for threat actors, enabling them to quickly identify and exploit vulnerabilities, and instigate fleet-wide attacks
- GenAI offers automotive stakeholders the ability to transform vSOC operations, for faster, more effective investigations and data queries
- Automotive cybersecurity regulations are becoming overwhelmingly complex
- Rapid EV adoption expands cyber risks and CPOs should expand processes to also cover IoT protocols, standards and regulations