Ferrari’s recent incident shows yet again why the automotive industry is a prime target for cybercriminals and ransomware groups. It joins a long line of similar attacks, including the hit on Ferrari last year, the “Conti” incident at Volkswagen and Audi, and Renault as collateral damage in the WannaCry campaign, to name just the more newsworthy ones. As manufacturing processes are digitalized while security remains a lower priority, the car industry is a treat for cybercriminals, as shown by the staggering 225% increase in sector-specific incidents over the last three years.
Renowned Italian sports car manufacturer Ferrari has just fallen victim to a ransomware attack in which client contact details were compromised, according to a recent statement from the company. In response to the ransom demand, Ferrari initiated an investigation with a global cybersecurity firm and alerted the relevant authorities. In line with its policy of not paying ransoms, the company has opted to inform its customers of the potential data exposure and the nature of the incident. Although the attack did not impact Ferrari’s operational functions, the company is working with third-party experts to reinforce its systems and has expressed strong confidence in its future resilience.
This is not the first time that Ferrari has been hit by a cybersecurity incident. Last year, the company reported that internal documents had been posted online and worked to identify how this had occurred. Reuters reported that Ferrari had been attacked by the RansomEXX cyber gang, resulting in the public exposure of seven gigabytes of sensitive customer documents. The incident highlights the continuing threat of ransomware to the automotive industry, as multiple carmakers and their respective supply chains have also fallen victim to data breaches in the past.
Such cybercrime continues to evolve, expand its scope, and persist with unwavering determination. In 2022, malicious cyber actors were estimated to have caused global damage of up to $8 trillion USD. This figure is anticipated to surge to as much as $10.5 trillion USD annually by 2025, reflecting a year-over-year growth rate of 15% over the next few years. Perpetrators of cybercrime often target critical Edge infrastructure and IoT, leveraging their vulnerabilities to gain unauthorized access. These attacks have generated significant media attention due to their profound impact on businesses and consumers. No industry is immune to cyber threats, including the automotive sector, which has witnessed a 225% increase in cyberattacks over the last three years.
The automotive industry has begun to digitize its manufacturing processes, but for most companies cybersecurity remains a lower priority in this transformation. This is music to the ears of cybercriminals, who are increasingly adopting ransomware attacks. A recent ransomware trends report revealed that nearly 50% of the 100 largest automotive manufacturers are highly affected by ransomware attacks, with more than 17% of automotive suppliers likely to suffer an attack. The WannaCry outbreak in 2017, which affected over 200,000 computers in 150 countries, had a strong impact on French automaker Renault, which was forced to temporarily idle some of its plants in Europe due to the incident. In a more recent attack, the “Conti” ransomware group hit Volkswagen and Audi, affecting over 3.3 million customers and interested buyers in the US and Canada.
Remote cyberattacks far outnumber physical attacks in this sector, accounting for 85% of all incidents. Among these, 40% of attacks are directed towards back-end servers. The primary categories of these campaigns include ransomware, data breaches, and control system breaches. As a result, the automotive industry is projected to incur losses of up to $505 billion by 2024 due to cyberattacks. Several notable cybersecurity incidents have specifically targeted the motor sector in the past year and beyond. For example, a North American EV manufacturer suffered a cyberattack in April 2021, which involved hackers using a drone equipped with a Wi-Fi dongle to remotely access and manipulate the doors of the company’s vehicles. Another major incident occurred in late February 2022, when Toyota was compelled to halt production at several of its plants in Japan following a severe cyberattack on one of its suppliers.
To address this issue, the automotive industry needs to rethink its wider security strategy, as legacy systems and physical security measures are no longer enough. Manufacturers need to understand why cybercriminals see them as attractive targets: the opportunity to exploit their modernized technology, conduct cyber espionage, and attack third-party vendors. To prevent attacks, car manufacturers need to distribute their resources effectively and understand the different security challenges and risks associated with their systems and equipment. This includes adopting correct security practices for their OT environments as more organizations connect their legacy systems to the Internet. The industry is being challenged on multiple fronts, from both a security and an organizational perspective, as cyber espionage and attacks remain a large threat to vehicle development, production, and delivery.