The past couple of years have been revolutionary in ways we never expected. A continuous shift in connected, autonomous, shared, and electric vehicles (CASE) has effectively turned vehicles into a mobile computing platform on wheels, enabling an improved customer and ownership experience. However, with all the apparent advantages of connectivity and software driven functionality, there are risks and threats
to address, namely data privacy and cybersecurity. Over these same revolutionary years, the industry has seen an exponential rise in the magnitude, frequency, and sophistication of cyber attacks. The automotive industry is now accelerating the proactive measures necessary to secure their vehicles and ensure that drivers and passengers remain safe.
Upstream has been helping automotive ecosystem stakeholders understand and mitigate cyber risks for several years now, working with some of the leading automotive OEMs, parts suppliers, insurance providers, aviation leaders, and others to protect millions of vehicles that are already on the road today. We have been providing complete automotive-specific threat intelligence, utilizing surface, deep, and dark web sources to help automotive stakeholders identify and manage risks and vulnerabilities detected in their supply chain and assets.
To this end, we at Upstream are committed to empowering the industry to leverage the data gathered from connected vehicles and our threat intelligence analysts to help make smart mobility safe and secure. Our industry has a lot to look forward to in the years ahead, including paving the road for a better, more secure, and fascinating connected universe.
METHODOLOGY
For years, we at Upstream Security have been monitoring and analyzing worldwide automotive cyber incidents with the purpose of learning, understanding, and helping protect the automotive ecosystem from cyber threats and misuse. Our researchers have carefully categorized the data we have collected, analyzing each incident’s attack methods, attack vectors, impact, target industries, and many other aspects. As a result, we learn more about the threats and impact of cyber attacks targeting connected
vehicles on the road today, using this newfound knowledge to better protect them.
This report was created by analyzing 900+ publicly reported incidents that occurred since 2010, with an increase of more than 225% in the number of incidents taking place in 2021 alone, when compared to 2018.
Upstream’s AutoThreat® Intelligence team of cyber researchers and cyber analysts are constantly looking for new incidents, analyzing and indexing every incident to the AutoThreat® platform. A community version of AutoThreat® is publicly available on Upstream’s website (AutoThreat Intelligence Cyber Incident Repository), for creating greater awareness and helping automotive stakeholders improve their security posture.
Each incident and relevant contextual data are added to the platform to create a more action-driven repository. These include the attack’s geo-location, impact, attack vector, company type, and required proximity of the attacker to its target and beyond. Incidents studied and presented in this report were taken from various sources such as media, academic research, bug bounty programs, verified Twitter accounts of government law enforcement agencies worldwide, the Common Vulnerabilities &
Exposures (CVE) database, and other publicly-available online sources.
In addition to the publicly reported cyber incidents, Upstream’s analysts probe the deep and dark web to monitor black-hat actors that operate behind the scenes of automotive-focused cyber attacks. This helps OEMs, Tier-1 and Tier-2 companies, insurance, and other automotive-related companies take preventive steps to protect their products, data, information, and internal assets. These incidents are discussed
in a separate designated section of this report titled “Deep and Dark Web” and are not included in any charts or statistics in any other section.
The automotive industry must have a continuously updated database of security incidents at the ready. To achieve this, select details of the publicly reported incidents are available in the AutoThreat® repository. In addition, a comprehensive analysis is available to AutoThreat® intelligence customers.
While every effort was made to identify and analyze each cyber incident within the automotive ecosystem, it is possible that additional automotive cyber attacks occurred but have not been publicly reported and thus, not publicized by Upstream in this report.
