Thefts and Break-Ins Contribute to 31 Percent Automotive Cyber-Attacks
Upstream Security, a provider of cloud-based automotive cybersecurity solutions, released its 2020 Automotive Cybersecurity Report. The report shares in-depth insights and statistics gleaned from analyzing 367 publicly reported automotive cyber incidents spanning from the past decade onward, while highlighting vulnerabilities and insights identified during 2019.
The company also announced the availability of AutoThreat Intelligence, its automotive threat intelligence subscription service which provides comprehensive and actionable insights to threats on automotive and smart mobility services.
Upstream’s 2020 Automotive Cybersecurity Report introduces some of the key findings of the AutoThreat Intelligence research team for 2019 as well as solutions used by the industry going forward:
Connected vehicles are already taking over: 330 million vehicles are already connected, and top car brands in the U.S. market have stated that only connected vehicles will be sold by 2020. This fact alone exponentially increases the potential damage of each attack. A wide-scale attack could potentially disrupt an entire city and even lead to catastrophic loss of lives.
The number of automotive cybersecurity incidents has increased dramatically: Since 2016, the number of annual incidents has increased by 605 percent, with incidents more than doubling in the last year alone.
Most incidents are carried out by criminals: Around 57 percent of incidents in 2019 were carried out by cybercriminals (black hat) to disrupt businesses, steal property, and demanding ransom. Only 38 percent were the result of researchers (white hat) with the goal of warning companies and consumers of discovered vulnerabilities.
A third of incidents resulted in car theft and break-ins: The top three impacts of incidents over the past ten years were car thefts/break-ins (31 percent), control over car systems (27 percent), and data/privacy breaches (23 percent).
Awareness is increasing: More automotive vulnerabilities are being listed, with 66 CVEs (common vulnerabilities and exposures) listed to date. The use of bug bounty programs, which has been popular in enterprise infosec, is on the rise as more automotive companies adopt it to discover vulnerabilities.
The industry is adopting a multilayered security approach: This involves new regulations and standards, security by design, in-vehicle and cloud-based automotive cybersecurity solutions and expanding SOCs to VSOCs (Vehicle Security Operations Centers) for early detection and rapid remediation.