Cybersecurity Threats In The Automotive Industry

The automotive sector, increasingly reliant on connected technologies, faces a complex cybersecurity landscape. The Cyfirma Industry Report, focusing on the past three months of 2025, offers a detailed analysis of the external threat landscape, highlighting attack campaigns, dark web chatter, vulnerabilities, and ransomware incidents.

While the industry ranks low among targeted sectors, persistent risks from data breaches, ransomware, and emerging vulnerabilities underscore the need for robust defences as vehicles become more digitally integrated.

Advanced Persistent Threats

The automotive industry remains a low-priority target for advanced persistent threat (APT) campaigns, featuring in only 2 of 11 observed campaigns (18%) over the past 90 days, up from one in the prior period. These campaigns, active in April and May, were attributed to the Russian cybercrime syndicate FIN11 and Chinese Ministry of State Security-linked groups, possibly Stone Panda or Salt Typhoon. They targeted web applications, operating systems, routers, and network monitoring tools, focusing on Asian automotive economies. This limited activity suggests that while the sector is not a primary focus, its critical infrastructure makes it a strategic target for state-sponsored actors.

Dark Web Chatter

Underground and dark web chatter about the automotive industry is minimal, accounting for just 0.93% of total industry mentions and ranking it 14th out of 14 sectors monitored. Of 531 mentions from over 300,000 posts, data breaches (84 mentions in the last 30 days) and data leaks (75) were the most prominent, rebounding after a dip. Ransomware chatter remained steady at around 20 mentions monthly, likely tied to attacks on manufacturing and dealership systems.

A 350% surge in DDoS mentions in the last 30 days points to potential extortion or disruption campaigns, while hacktivism, tied to labour or geopolitical issues, was rare but consistent. Declining web exploit mentions suggest improved perimeter security or a shift in attacker focus.

Vulnerabilities: Injection Attacks Are a Big Concern  

The automotive sector accounted for 1.08% of vulnerability mentions, ranking 13th out of 14 industries, with 29 mentions from over 10,000 reported Common Vulnerabilities and Exposures (CVEs). Injection attacks spiked to eight mentions in the previous 30 days and remain elevated at five, posing risks to connected vehicle systems. Remote and arbitrary code execution (RCE) vulnerabilities, though low in number, are critical due to their potential severity in automotive environments. Memory and buffer vulnerabilities briefly rose but dropped to zero, while cross-site scripting (XSS), clickjacking, and denial-of-service (DoS) risks remained steady but minor. These trends align with the industry’s growing reliance on software-driven systems, necessitating vigilant patching and monitoring.

Ransomware: A Steady Threat  

Ransomware incidents in the automotive sector totalled 39 victims over the past 90 days, a marginal 2.6% increase from 38, representing 2.58% of all ransomware victims and ranking 13th. The U.S. dominated with 46% of victims (18), followed by Canada (5) and Germany (4), while Japan, South Korea, and France reported none. Only 18 of 73 active ransomware groups targeted the industry, with Qilin (13 victims) and Akira (6) leading, and Spacebears showing the highest proportional focus (16.7%). Dealerships were the primary targets, alongside manufacturers and suppliers. A February spike preceded a dip in April, with a mild upward trend since, indicating sustained but low-level interest from cybercriminals.

Proactive Measures Needed  

Despite its low ranking among targeted industries, the automotive sector’s increasing connectivity amplifies its exposure to cyber threats. The report’s findings suggest that while APT campaigns and vulnerabilities remain limited, data breaches and ransomware pose consistent risks. The surge in DDoS chatter and the presence of sophisticated actors like FIN11 and Chinese state-linked groups highlight the need for enhanced cybersecurity investments.

As vehicles integrate more IoT and cloud-based systems, automakers must prioritise AI-driven threat detection, secure software development, and compliance with standards like ISO/SAE 21434 to mitigate risks and protect critical infrastructure.
