In recent years, electric vehicles (EVs) have become the preferred alternative to traditional cars in the midst of a global energy crisis and rising environmental concerns. While this shift might initially bode well for car manufacturers and suppliers, rapid innovation in the automotive industry could leave wide security gaps in its wake.
Keeping up with current security concerns is of utmost importance in forging the road ahead for connected cars. In “Automotive Cybersecurity in 2022: VicOne Report,” we look back at the notable threats encountered by the industry in the past year, point out increasingly high-risk areas, and share our security recommendations.
Notable threats and trends
For our report, we investigated over 50 significant security events to get a good grasp of cybersecurity incidents throughout the industry. We found that cyberattacks affected nearly all production stages, from suppliers down to vendors. Based on reported attacks, we also noted that the two most prominent threats to the industry were ransomware attacks and data breaches.
Based on these two threats, we identified some cyberattack trends in 2022:
- Cyberattacks are becoming more targeted. We have observed that in recent years, cybercriminals have adopted the tactics, techniques, and procedures (TTPs) of targeted attacks.
- Disrupted operations are not the only pressing issue. Based on recent ransomware attacks, cybercriminals threaten to leak stolen data to corner companies into paying their demanded ransom. Attacks therefore affect not only operations but also a brand’s reputation and customer trust.
- Attacks affect more than just the victim. Both ransomware attacks and data breaches could have cascading effects on the entire supply chain, which has been the case in 2022.
In addition to these trends, which will likely continue in 2023, we also highlighted increasingly high-risk areas in the industry: EV charging stations, cloud APIs, and remote keyless entry (RKE) systems. This overview has led us to surmise how threats to connected cars would evolve in the coming years and where stakeholders can ramp up security efforts in the present.
Predictions and security recommendations
Aside from the vulnerabilities that could present a greater hurdle for the automotive industry, we offer some key predictions to help manufacturers and suppliers prepare for the future of connected cars:
- Ransomware will continue to affect the automotive supply chain.
- Radio signal attacks, such as replay, relay, jamming, and man-in-the-middle (MitM) attacks, will increase.
- Open-source vulnerabilities will affect more components in the industry.
- AI-driven detection devices, such as advanced driver assistance systems (ADASs), will be affected more by generative adversarial networks (GANs).
- There will be chip-level vulnerabilities and attacks since the chip-level design is not secure.
- Manufacturers and suppliers can rely on tools and threat intelligence to continue building reinforced security against these predicted changes. Indeed, true progress can be achieved only by keeping security in pace with the swiftly evolving automotive industry.
To get a closer look at the state of automotive security, read “Automotive Cybersecurity in 2022: VicOne Report,” where we detail high-risk areas in the automotive ecosystem, the most prominent vulnerabilities affecting the industry, and our security recommendations.