Sectrio

Gearing Up for a New Challenge: OT & IoT Security in the Automotive Industry

By Sectrio
July 1, 2024

Summary


The automobile industry is increasingly becoming a target for cyber-attacks as vehicles evolve into sophisticated, connected systems. This transformation introduces vulnerabilities at multiple levels, from manufacturing processes to the vehicles themselves. Cyber threats in this sector can disrupt production lines, compromise sensitive data, and even endanger public safety through attacks on vehicle control systems.

This abstract explores the nature of these threats, including ransomware, data breaches, and vehicle hacking. It highlights the importance of robust cybersecurity measures and industry-wide collaboration to safeguard against these evolving risks. Emphasizing the critical need for enhanced cybersecurity protocols, this study calls for continuous vigilance and adaptive strategies to protect the automotive industry’s integrity and ensure the safety of its products.

The Rising Threat: Cyber Attacks on the Automobile Industry

The automobile industry is no exception in an era where technology drives innovation across all sectors. Modern vehicles are increasingly becoming computers on wheels, integrating advanced software systems, connectivity, and automation to enhance user experience, safety, and efficiency. However, this digital transformation also opens new avenues for cyber threats. This blog explores the nature of cyber-attacks on the automobile industry, their implications, and the measures being taken to mitigate these risks.

Cyber-attacks on the automotive industry can take many forms, from hacking into vehicle systems to targeting manufacturing processes and supply chains. These attacks can lead to severe consequences, including the theft of sensitive data, disruption of operations, and even compromising the safety of the vehicles.

How have IT-OT cyber-attacks on the automobile industry increased in the last 5 years?

Fig:1

Fig: 1 shows the approximate number of cyber-attacks that occurred in the automobile industry and how they have increased.

Recent cyber attacks

  • Tesla thwarts ransomware attempt
  • Honda’s global operations were halted by a ransomware attack
  • Toyota Australia confirms attempted cyberattack
  • Nissan and Renault hit by a ransomware attack

How Tesla thwarted ransomware attacks

Attackers identified an unprotected Kubernetes console belonging to Tesla. The console was not password-protected, which allowed the attackers to gain unauthorized access. This lack of security is a critical misconfiguration, as it provides a gateway to sensitive internal systems. Once inside the Kubernetes environment, the attackers deployed containers designed to mine cryptocurrency. To avoid detection, they configured the mining software to use a minimal amount of CPU power, so that the spike in resource usage was not easily noticeable, and they used techniques to obfuscate the network traffic, making it difficult for Tesla’s security systems to detect the malicious activity. Similarly, if attackers gain access to the IT side of an OT company, they can launch attacks on the OT side by moving laterally within the network. This type of lateral movement allows attackers to penetrate deeper into the organization’s infrastructure, compromising operational technology systems and potentially causing significant disruption.


Another example is the ransomware attempt that Tesla thwarted in 2020, in which a Russian threat actor named “Egor Igorevich Kriuchkov” tried to attack Tesla using social engineering: the attacker offered to bribe an employee with $1 million to install malware on Tesla’s network. The malware was intended to provide remote access to the attackers, allowing them to deploy ransomware. It was to be introduced by the employee inserting a USB drive containing the malware into Tesla’s internal network or executing a malicious email attachment.

The malware was designed to establish a backdoor, enabling the attackers to exfiltrate sensitive data and encrypt critical systems with ransomware. Before deploying ransomware, the attackers planned to exfiltrate large amounts of sensitive data as leverage to ensure Tesla would pay the ransom. Once data exfiltration was complete, the ransomware would encrypt Tesla’s critical systems, causing significant disruption to operations.

Based on our current research, we have observed that attacks on the automobile industry have drastically increased in recent years. Let’s look at the growing threat to the automobile sector in more detail, using the attacks received by our automotive honeypot lab, dark web analysis, and some open-source intelligence research.

Sectrio’s honeypot network in the Automobile Industries

In the heart of an automotive manufacturing facility, where precision and innovation drive the production line, lies a hidden gem—a meticulously crafted honeypot designed to lure cyber attackers. This honeypot, camouflaged within the network, mimics the complex IT and OT environment of the automotive industry, silently waiting to detect and analyze malicious activities.

The Genesis of the Honeypot

Our journey began with a clear objective: to understand the ongoing cyber-attacks targeting the automobile industry and to enhance security. We designed our OT honeypot architecture, complete with both IT and OT components, to monitor and analyze new and possible types of attacks on the automotive industry. Our automobile honeypot is segmented into the IT network, the OT network, and the DMZ.

The IT network consists of different servers, endpoint workstations, and other networking devices. The OT network consists of PLCs, RTUs, SCADA systems, HMIs, CNC machines, CAN bus networks, MES, etc.

All the traffic coming to this honeypot is captured and monitored to identify attacks and enhance the detection power of Sectrio’s operational technology intrusion detection system in the automobile industry.

The chances of attackers targeting the OT systems of the automobile industry are increasing day by day. After in-depth research and analysis of our honeypot traffic, the dark web, and some OSINT, we have observed that ransomware attacks are happening more commonly in the automotive industry.

Let’s look at some of the attacks seen in our honeypot lab:

a) Manipulating the CAN Bus

The first sign came when our OT intrusion detection system flagged an anomaly on the CAN bus network, the backbone of communication within vehicles and a popular communication standard in the automobile sector. CAN enables communication between different electronic control units. Electronic Control Units (ECUs) are responsible for processes in a car, including the brakes, engine, airbags, etc., and they communicate with each other using the CAN protocol. An attacker had injected false messages, attempting to manipulate the signals controlling the robotic assembly arms. This attack aimed to disrupt the precise coordination required for assembling vehicle components. Because this was a honeypot, the attack stayed within the simulated environment, allowing us to research and analyze the attack vector and the malicious payload used.
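One way to flag injected CAN frames like those described above, as an added example that is not Sectrio's detection logic or code from the original article: learn each arbitration ID's normal transmission period from a clean trace, then alert on frames that arrive too early or carry an ID never seen before. The candump -L log format, the IDs, the timings and the 0.5 ratio threshold are all assumptions chosen for illustration.

```python
import re
from statistics import median

# candump -L style line: "(timestamp) interface ID#DATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)")

def parse(lines):
    """Yield (timestamp, arbitration_id, payload) for each well-formed line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield float(m.group(1)), int(m.group(2), 16), bytes.fromhex(m.group(3))

def learn_periods(frames):
    """Median inter-arrival time per arbitration ID, from a known-clean trace."""
    last, gaps = {}, {}
    for ts, can_id, _ in frames:
        if can_id in last:
            gaps.setdefault(can_id, []).append(ts - last[can_id])
        last[can_id] = ts
    return {can_id: median(g) for can_id, g in gaps.items()}

def detect(frames, periods, ratio=0.5):
    """Flag unknown IDs and frames arriving sooner than ratio * learned period."""
    last, alerts = {}, []
    for ts, can_id, _ in frames:
        if can_id not in periods:
            alerts.append((ts, can_id, "unknown-id"))
        elif can_id in last and ts - last[can_id] < ratio * periods[can_id]:
            alerts.append((ts, can_id, "rate-anomaly"))
        last[can_id] = ts
    return alerts

# Constructed clean trace (not a real capture): 0x1A0 every 10 ms, 0x2B0 every 50 ms.
BASELINE = [f"({100 + i * 0.010:.6f}) can0 1A0#0000000000000000" for i in range(20)]
BASELINE += [f"({100 + i * 0.050:.6f}) can0 2B0#00FF" for i in range(5)]

# Constructed suspect trace: two extra 0x1A0 frames and one ID never seen before.
SUSPECT = [
    "(200.000000) can0 1A0#0000000000000000",
    "(200.010000) can0 1A0#0000000000000000",
    "(200.012000) can0 1A0#FFFF000000000000",  # injected 2 ms after a real frame
    "(200.020000) can0 1A0#0000000000000000",
    "(200.022000) can0 1A0#FFFF000000000000",  # injected again
    "(200.030000) can0 1A0#0000000000000000",
    "(200.031000) can0 7DF#0201000000000000",  # ID absent from the baseline
]

if __name__ == "__main__":
    for ts, can_id, reason in detect(parse(SUSPECT), learn_periods(parse(BASELINE))):
        print(f"{ts:.3f} 0x{can_id:03X} {reason}")
```

Timing-based detection only covers periodic IDs; event-driven messages need a separate rule, such as payload range checks.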

b) Ethernet Network Breach

Sectrio’s threat management module (NIDS – Network Intrusion Detection System) detected a flood of unusual traffic on the Ethernet network. An attacker was attempting a DoS attack, trying to target the honeypot web server and other file servers in the IT network. The goal seemed to be to overwhelm the network with traffic and cause a shutdown of critical systems. Our honeypot’s robust IDS captured the attack, enabling us to strengthen our defenses against such threats.

c) Ransomware on the MES

Sectrio detected a sophisticated cyber-attack that targeted the Manufacturing Execution System (MES). The threat actor used social engineering techniques to gain initial access, then deployed ransomware that began encrypting production data. This attack aimed to halt production by locking critical data and demanding a ransom. The honeypot’s endpoint security measures detected the unusual file encryption activity, allowing us to analyze the ransomware and understand its behavior. The honeypot also has an email system to which we added an automation script: whenever we receive a phishing email or any other email, the script clicks the URL and initiates an analysis.

Darkweb Analysis for OT/ICS and IoT

We have researched and analyzed more than 20 threat actor forums on the dark web, along with their Telegram channels, and observed that more than 50% of them have already targeted the automobile sector and 10% of them are planning to target the automotive industry. This shows how threat actors are moving from IT industries to OT industries. OT is critical infrastructure: a cyber-attack on OT industries can cause significant disruption and halt operations, and companies cannot afford long operational downtime. OT is also a feasible target because of legacy technologies that are outdated and contain vulnerabilities. Updating OT systems frequently is a challenging task because of continuous operations and the potential risks, which leads to prolonged use of outdated technology.

We have taken a few snapshots from dark web forums, covering well-known companies, to show how threat actors are publishing and leaking the data of automotive companies:

Fig:2 AKIRA Darkweb forum

Fig:3 shows the ransomware attack on Nissan Australia: the threat actor group named “AKIRA” targeted the company and leaked all the data on the forum for download.

Fig:4

Another Nissan attack targeted “Nissan of Las Cruces”; it was carried out by a ransomware group named “Lorenz”. Fig:4 shows how the threat actor leaked the Nissan of Las Cruces data on their forum.

Fig:5

Fig:5 shows the dark web forum page of a threat actor named “Cl0P”, who attacked Toyota Boshoku; the data has all been leaked and is available to download.

Fig:6

Fig:6 shows the cyber-attack on an Italian luxury sports car manufacturer.

Sectrio Recommendation

To defend against threat actors and mitigate the risk of their attacks in the automobile sector, organizations are advised to consider the following countermeasures:

  • Employee Awareness and Training
  • Regular patch management
  • Network segmentation
  • Advanced Threat detection
  • Incident Response Readiness
  • Regular security assessment
  • Strong Access control
  • Endpoint protection
  • Network monitoring and logging
  • Encryption and data protection

For more information, download our comprehensive threat report today: OT/ICS And IoT Security Threat Landscape Report 2024


Sectrio, a leading provider of cybersecurity solutions, specializes in protecting OT, ICS, and IoT environments. Their offerings include a suite of advanced threat detection and response tools, designed to safeguard critical infrastructure from cyber-attacks. Sectrio’s solutions leverage AI and ML to provide real-time monitoring, anomaly detection, and predictive threat intelligence, ensuring that industrial systems are secure and resilient.

To learn more about Sectrio’s offerings and to schedule a proactive OT/ICS and IoT risk assessment, speak to our experts today.

This article has been attributed to Dipanjali Rani from the threat research team at Sectrio.
