Cybersecurity Threats In The Automotive Industry

The automotive sector, increasingly reliant on connected technologies, faces a complex cybersecurity landscape. The Cyfirma Industry Report, focusing on the past three months of 2025, offers a detailed analysis of the external threat landscape, highlighting attack campaigns, dark web chatter, vulnerabilities, and ransomware incidents.

While the industry ranks low among targeted sectors, persistent risks from data breaches, ransomware, and emerging vulnerabilities underscore the need for robust defences as vehicles become more digitally integrated.

Advanced Persistent Threats

The automotive industry remains a low-priority target for advanced persistent threat (APT) campaigns, featuring in only 2 of 11 observed campaigns (18%) over the past 90 days, up from one in the prior period. These campaigns, active in April and May, were attributed to the Russian cybercrime syndicate FIN11 and Chinese Ministry of State Security-linked groups, possibly Stone Panda or Salt Typhoon. They targeted web applications, operating systems, routers, and network monitoring tools, focusing on Asian automotive economies. This limited activity suggests that while the sector is not a primary focus, its critical infrastructure makes it a strategic target for state-sponsored actors.

Dark Web Chatter

Underground and dark web chatter about the automotive industry is minimal, accounting for just 0.93% of total industry mentions, ranking it 14th out of 14 sectors monitored. Of 531 mentions from over 300,000 posts, data breaches (84 mentions in the last 30 days) and data leaks (75) were the most prominent, rebounding after a dip. Ransomware chatter remained steady at around 20 mentions monthly, likely targeting manufacturing and dealership systems.

A 350% surge in DDoS mentions in the last 30 days points to potential extortion or disruption campaigns, while hacktivism, tied to labour or geopolitical issues, was rare but consistent. Declining web exploit mentions suggest improved perimeter security or a shift in attacker focus.

Vulnerabilities: Injection Attacks Are a Big Concern  

The automotive sector accounted for 1.08% of vulnerability mentions, ranking 13th out of 14 industries, with 29 mentions from over 10,000 reported Common Vulnerabilities and Exposures (CVEs). Injection attacks spiked to eight mentions in the previous 30 days, remaining elevated at five, posing risks to connected vehicle systems. Remote and arbitrary code execution (RCE) vulnerabilities, though low, are critical due to their potential severity in automotive environments. Memory and buffer vulnerabilities briefly rose but dropped to zero, while cross-site scripting (XSS), clickjacking, and denial-of-service (DoS) risks remained steady but minor. These trends align with the industry’s growing reliance on software-driven systems, necessitating vigilant patching and monitoring.

Ransomware: A Steady Threat  

Ransomware incidents in the automotive sector totalled 39 victims over the past 90 days, a marginal 2.6% increase from 38, representing 2.58% of all ransomware victims and ranking 13th. The U.S. dominated with 46% of victims (18), followed by Canada (5) and Germany (4), while Japan, South Korea, and France reported none. Only 18 of 73 active ransomware groups targeted the industry, with Qilin (13 victims) and Akira (6) leading, and Spacebears showing the highest proportional focus (16.7%). Dealerships were the primary targets, alongside manufacturers and suppliers. A February spike preceded a dip in April, with a mild upward trend since, indicating sustained but low-level interest from cybercriminals.

Proactive Measures Needed  

Despite its low ranking among targeted industries, the automotive sector’s increasing connectivity amplifies its exposure to cyber threats. The report’s findings suggest that while APT campaigns and vulnerabilities remain limited, data breaches and ransomware pose consistent risks. The surge in DDoS chatter and the presence of sophisticated actors like FIN11 and Chinese state-linked groups highlight the need for enhanced cybersecurity investments.

As vehicles integrate more IoT and cloud-based systems, automakers must prioritise AI-driven threat detection, secure software development, and compliance with standards like ISO/SAE 21434 to mitigate risks and protect critical infrastructure.

Image: Imkara Visual 
