Ann Arbor, MI – February 7, 2024 – Upstream Security has released the 2024 Upstream Global Automotive Cybersecurity Report. This sixth edition of the report puts a spotlight on how automotive and mobility cyber threats have evolved and grown in magnitude and impact – from experimental hacks to massive-scale attacks. It covers topics such as the latest threats, attack vectors, security best practices, and emerging technologies.
Report key insights and findings:
- In 2023, the number of high and massive-scale incidents potentially impacting thousands to millions of mobility assets increased by x2.5 compared to 2022
- 95% of attacks are executed remotely, and 85% of them are long-range
- 64% of cyber-attacks are performed by black hat actors
- In 2023, deep and dark web activities related to the Automotive and Smart Mobility ecosystem have increased by 165%
- Nearly 65% of deep and dark web cyber activities had the potential to impact thousands to millions of mobility assets
- Attacks on telematic and application servers account for 43% of all attacks (up from 35% in 2022)
- 37% of threat actors actions had far-reaching impact – targeting multiple OEMs simultaneously (as opposed to impacting just a single OEM/auto manufacturer)
- Attacks on infotainment systems have almost doubled in 2023 – accounting for 15% of all attacks (up from 8% in 2022)
- APIs are especially susceptible to Generative AI threats since attackers can use GenAI to explore API documentation
Yoav Levy, Upstream Security CEO and Co-Founder: “Automotive cybersecurity is reaching an inflection point. Cyber incidents have grown significantly in sophistication and reach, threatening safety, and sensitive data, and carrying operational significant implications. The findings from Upstream’s new 2024 Automotive Cybersecurity Report highlight why today it’s more crucial than ever to proactively safeguard vehicles, mobility applications, and IoT devices against automotive cyber threats. Threat actor motivation is shifting towards high and massive-scale impact on connected vehicles and mobility assets.”
Upstream’s report is the culmination of months of research and analysis by Upstream’s cyber research teams. Upstream experts investigated nearly 1500 reported automotive cybersecurity incidents over the last decade. In 2023 alone, they reported 295 incidents and actively monitored hundreds of deep and dark web forums, marketplaces, and malicious ‘chatter’ to compile the comprehensive report.
This year’s report provides eye-opening insights on the financial impact of cyber attacks. It offers an actionable framework for measuring the monetary impact of cyber attacks in real-world scenarios.
Upstream’s Predictions for 2024
Looking ahead to 2024, the Upstream report also provides predictions on projected shifts in the automotive threat landscape:
- The competitive advantage in the Automotive industry will continue to be driven by digital transformation. This requires stakeholders to secure APIs and expand vSOC coverage to monitor API-related threats.
- GenAI will have a profound impact on automotive cybersecurity stakeholders. It will introduce new large-scale attack methods but also equip stakeholders with advanced detection, investigation, and mitigation capabilities.
- OEMs and Charging Point Operators (CPOs) continue to deepen cybersecurity risk assessments. They deploy cybersecurity solutions to protect strategic EV charging infrastructure.
- Initial signs of regulatory fatigue are evident, amid the maturity of UNECE WP.29 R155. Additionally, there’s an abundance of new regulations emerging worldwide, mainly in China.
Levy concluded: “There’s a growing understanding amongst cybersecurity stakeholders charged with securing connected vehicle fleets, EV charging stations, and infrastructure. They realize they need to significantly bolster their cybersecurity defenses to protect against massive scale attacks targeting IoT devices and mobility services. This is especially true with GenAI’s growing prevalence. Its role in lowering threat actors’ barriers for entry enables black hat actors to perpetrate large-scale attacks faster and more effectively than previously possible.”
News related to Upstream –
