Cybersecurity Threats In The Automotive Industry

Uploaded on 2025-06-30 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The automotive sector, increasingly reliant on connected technologies, faces a complex cybersecurity landscape. The Cyfirma Industry Report, focusing on the past three months of 2025, offers a detailed analysis of the external threat landscape, highlighting attack campaigns, dark web chatter, vulnerabilities, and ransomware incidents.

While the industry ranks low among targeted sectors, persistent risks from data breaches, ransomware, and emerging vulnerabilities underscore the need for robust defences as vehicles become more digitally integrated.

Advanced Persistent Threats

The automotive industry remains a low-priority target for advanced persistent threat (APT) campaigns, featuring in only 2 of 11 observed campaigns (18%) over the past 90 days, up from one in the prior period. These campaigns, active in April and May, were attributed to the Russian cybercrime syndicate FIN11 and Chinese Ministry of State Security-linked groups, possibly Stone Panda or Salt Typhoon. They targeted web applications, operating systems, routers, and network monitoring tools, focusing on Asian automotive economies. This limited activity suggests that while the sector is not a primary focus, its critical infrastructure makes it a strategic target for state-sponsored actors.

Dark Web Chatter

Underground and dark web chatter about the automotive industry is minimal, accounting for just 0.93% of total industry mentions, ranking it 14th out of 14 sectors monitored. Of 531 mentions from over 300,000 posts, data breaches (84 mentions in the last 30 days) and data leaks (75) were the most prominent, rebounding after a dip. Ransomware chatter remained steady at around 20 mentions monthly, likely targeting manufacturing and dealership systems.

A 350% surge in DDoS mentions in the last 30 days points to potential extortion or disruption campaigns, while hacktivism, tied to labour or geopolitical issues, was rare but consistent. Declining web exploit mentions suggest improved perimeter security or a shift in attacker focus.

Vulnerabilities: Injection Attacks Are a Big Concern  

The automotive sector accounted for 1.08% of vulnerability mentions, ranking 13th out of 14 industries, with 29 mentions from over 10,000 reported Common Vulnerabilities and Exposures (CVEs). Injection attacks spiked to eight mentions in the previous 30 days, remaining elevated at five, posing risks to connected vehicle systems. Remote and arbitrary code execution (RCE) vulnerabilities, though low, are critical due to their potential severity in automotive environments. Memory and buffer vulnerabilities briefly rose but dropped to zero, while cross-site scripting (XSS), clickjacking, and denial-of-service (DoS) risks remained steady but minor. These trends align with the industry’s growing reliance on software-driven systems, necessitating vigilant patching and monitoring.

Ransomware: A Steady Threat  

Ransomware incidents in the automotive sector totalled 39 victims over the past 90 days, a marginal 2.6% increase from 38, representing 2.58% of all ransomware victims and ranking 13th. The U.S. dominated with 46% of victims (18), followed by Canada (5) and Germany (4), while Japan, South Korea, and France reported none. Only 18 of 73 active ransomware groups targeted the industry, with Qilin (13 victims) and Akira (6) leading, and Spacebears showing the highest proportional focus (16.7%). Dealerships were the primary targets, alongside manufacturers and suppliers. A February spike preceded a dip in April, with a mild upward trend since, indicating sustained but low-level interest from cybercriminals.

Proactive Measures Needed  

Despite its low ranking among targeted industries, the automotive sector’s increasing connectivity amplifies its exposure to cyber threats. The report’s findings suggest that while APT campaigns and vulnerabilities remain limited, data breaches and ransomware pose consistent risks. The surge in DDoS chatter and the presence of sophisticated actors like FIN11 and Chinese state-linked groups highlight the need for enhanced cybersecurity investments.

As vehicles integrate more IoT and cloud-based systems, automakers must prioritise AI-driven threat detection, secure software development, and compliance with standards like ISO/SAE 21434 to mitigate risks and protect critical infrastructure.

Image: Imkara Visual 

You Might Also Read:

Connected Cars & Cyber Security:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Iranian Hackers Attack After US Air Strikes
Supercharge AI: GPU Power Meets Cyber Resilience »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

TNO Cyber Security Lab

TNO Cyber Security Lab

TNO Cyber Security Lab is a dedicated facility for innovative and experimental research with the goal of a safe and resilient cyberspace.

CERT.AZ

CERT.AZ

The national Cyber Security Center of the Republic of Azerbaijan.

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

Axis Capital

Axis Capital

AXIS Insurance’s Professional Lines Division is a leading underwriter of technology/cyber coverage and other specialty products around the globe.

Red Canary

Red Canary

Red Canary continuously monitors and analyzes your endpoints, users, and network activity in search of threatening behaviors, patterns, and signatures.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

Wavex Technology

Wavex Technology

Wavex Technology is an award winning IT Services firm offering clients a secure and fully managed IT service.

Cyber Defence Solutions (CDS)

Cyber Defence Solutions (CDS)

Cyber Defence Solutions is a cyber and privacy Consultancy with extensive experience in the development and implementation of cyber and data security solutions to your assets.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

HiScout

HiScout

HiScout is your integrated management system for IT governance, risk & compliance.

HackEDU

HackEDU

HackEDU provides secure coding training to companies ranging from startups to the Fortune 500.

National Renewable Energy Laboratory (NREL) - USA

National Renewable Energy Laboratory (NREL) - USA

NREL is transforming energy through research, development, commercialization, and deployment of renewable energy and energy efficiency technologies.

Dryad Global

Dryad Global

Dryad Global offers a comprehensive suite of maritime intelligence solutions, including a best-in-class situational awareness, planning and security system and industry-leading cyber protection tools.

Boldend

Boldend

Boldend offers leading-edge offensive and defensive cybersecurity solutions that empower government and commercial organizations to stay resilient in an evolving threat landscape.