5 Mar 24

'Fleets need to focus on two critical areas in 2024 to avoid cyberattacks'

As connected technologies widen the scale of advanced features and increase commercial fleet efficiency, opportunities for threat actors to hit the ‘mobile data banks’ also magnify. In 2024, two primary threats in the fleet ecosystem will be applications and the expanding charging network, which can leak enormous amounts of data and disturb operations severely, says Shira Sarid-Hausirer, VP of Marketing, Upstream Security.

The fleet ecosystem is a vast space for cybercriminals to find highly profitable targets. From auto manufacturers to ride-hailing services and even local energy grids, all stakeholders, services, infrastructures and vehicles may come under attack, and the attacks continue to evolve yearly. Following 2023, which witnessed destructive ransomware attacks, 2024 will add new attack vectors and targets: APIs and the charging infrastructure, respectively.

Although many cyberattacks worldwide go unreported, increased transparency helps cybersecurity companies better identify general trends in various sectors. In 2023, there was a dramatic increase in telematics and cloud attacks, which reached 43%, up from 35% in 2022. Attacks on infotainment systems nearly doubled, from 8% in 2022 to 15% in 2023. This explains the inflexion point, says Sarid-Hausirer: the significant shift to large-scale and impactful attacks.

Some key figures from Upstream’s 2024 Global Automotive Cybersecurity Report are:

  • High and massive-scale attacks accounted for 49% of all 2023 attacks, up from 22% in 2022 
  • 37% of threat actors’ actions had a far-reaching impact - targeting multiple OEMs simultaneously 
  • There’s been a 156% increase in deep and dark web activities related to automotive and smart mobility as compared to 2022
  • 95% of cyber incidents were performed remotely, 85% of them long-range
  • Black hats (bad actors) executed 64% of attacks
  • Attacks against telematics and backend systems account for 43% of total incidents, up from 35% in 2022
  • Attacks against in-vehicle infotainment systems nearly doubled and accounted for 15% of total incidents, up from 8% in 2022

And how impactful might they be? Considering that all the critical information about your fleet can appear on the deep and dark web’s black markets, which bad actors can use to launch several attacks to disrupt operations, the damage may seem irreversible.

One of the most significant attacks in 2023 targeted a fleet management company with ransomware, disrupting operations for three weeks.

“When looking under the hood into the deep web [1] and dark web [2], we have much more information on commercial vehicles. Over 855 threat actors’ activities targeting global or commercial fleets had large-scale impacts (between thousands and millions of vehicles). 81% of activities were targeted on a global scale.”

The newest targets: APIs and charging stations

As connected technologies get more robust, the services and digital features are reaching new highs, offering new vectors for threat actors, from internal OEM and Tier-1 management systems to EV charging management and payment services.

“In the fleet ecosystem, APIs govern many critical elements of the ecosystem. Most fleet management systems and telematics IoT (Internet of Things) devices leverage APIs to enable advanced data-driven capabilities. API risks relate directly to unauthorised access to sensitive data and the ability to cause large-scale operational disruption to fleet systems.”

The sensitive data, mainly personally identifiable information (PII), are the perfect digital loot to sell on dark web black markets. At the same time, vulnerabilities in APIs can provide remote control over vehicles and management systems. For example, a security researcher modified a Japanese OEM developer app and accessed the customer relationship management (CRM) database, taking advantage of misconfigured APIs and a lack of proper authentication and verification.

Targets of large-scale attacks launched through APIs include smart mobility vendors, fleet operators and mobility IoT devices. The charging network is another critical target for attacks commencing from the cloud. Both hardware and software components of charging stations are vulnerable to cyber-attacks, which could cause the loss of vast amounts of operational and consumer data as well as operational disruptions.

“The top risk at the moment is data leakage. Last year, a global charging provider suffered a 1TB data leakage incident. The charging process involves many PII elements, including names, credit card/payment details, location, etc.; therefore, it is a prime target for threat actors. But moving forward, we expect more attempts by threat actors to disable charging stations or tamper with their activities.”

These are just the tip of the iceberg, as the attack surface in the Vehicle-to-Everything (V2X) space also includes Bluetooth connections and OTA (Over-the-Air) remote software updates. The latter is particularly threatening, as an attack that interferes with OTA updates can affect several vehicles and even entire fleets, says Sarid-Hausirer. At this point, periodic software updates are crucial to ensure safety over wireless and more vulnerable communications.

OEMs are pioneering the cyber security armament

With the requirements of specific regional and global regulations, auto manufacturers and the fleet ecosystem are increasing their awareness of cyber threats at a satisfying pace.

“From the OEM perspective, we see very deep involvement of commercial vehicle OEMs taking an active approach to cybersecurity”, says Sarid-Hausirer. 

UNECE WP.29 R155 (UN Regulation No. 155) provides the framework for cybersecurity, but many OEMs already leverage advanced cybersecurity tools and solutions to safeguard the operational availability of fleets and safety. 

“Given the expanding app-based ecosystem and the proliferation of fleet management IoT, we see a growing focus on protecting IoT protocols as well as APIs to ensure smooth operations.” 

Additionally, the SEC (the US Securities and Exchange Commission) requires companies to report cyber attacks within 96 hours, which “led to a dramatic impact across the entire landscape,” says Sarid-Hausirer. In China, the largest EV market in the world, the emergence of new regulations helps expand the coverage of cybersecurity measures. Expanding R155 to two-wheelers is another sign of increased activity towards cyber threats on a broader scale.

And the first step to counter mounting cyber threats in the fleet ecosystem? Establishing a Vehicle Security Operations Center (vSOC). 

[1] The deep web is the layer below the open web (where we surf online daily), or surface web, and contains around 90% of all websites. This unseen layer is always described as the iceberg beneath the ocean surface and is so large that it is almost impossible to detect how large it is.

[2] The dark web contains websites not indexed by traditional search engines and only accessible through specialised browsers (such as Tor). The dark web is much smaller than the surface web and is considered a part of the deep web, representing the tip of the submerged iceberg.

The main photo is courtesy of Shutterstock, 2071413611.

Authored by: Mufit Yilmaz Gokmen