The future of automotive cybersecurity: Treating vehicles as endpoints

The automotive industry is facing many of the same cybersecurity risks and threats that successful organizations in other sectors are up against, but it’s also battling some distinct ones.

In this Help Net Security interview, Josh Smith, Principal Threat Analyst at Nuspire – a managed security services provider that has deep roots in the automotive sector and protects clients like GM and Subaru – talks about the present risks and threats and opines on the future of automotive cybersecurity.

Why do major automotive companies outsource some security services instead of handling them with their in-house security team?

While many automotive companies do have internal security teams, the decision to outsource certain cybersecurity functions often comes down to resource optimization, expertise and the rapidly evolving nature of cyber threats.

Establishing and maintaining a 24/7 security operations center (SOC) isn’t just costly; it also demands a significant investment in both cutting-edge technology and skilled personnel capable of continuous monitoring. The financial burden of staffing, training and retaining a team capable of around-the-clock monitoring and rapid response can be prohibitive, particularly given the current shortage of experienced cybersecurity professionals and the ongoing war for talent in this space.

Outsourcing these functions to a specialized cybersecurity provider allows automotive companies to leverage a wealth of expertise and industry-specific knowledge without the associated overhead costs and logistical challenges.

Moreover, outsourcing enables companies to focus on their core business operations and innovation efforts. The external provider’s ability to filter out noise and deliver actionable intelligence ensures that the in-house team can concentrate on strategic initiatives rather than being overwhelmed by day-to-day threat management. In a threat landscape where new threats emerge daily and constantly evolve, this approach provides both financial efficiency and enhanced security, allowing companies to stay ahead of potential risks.

What are the most common types of cyber threats that automotive companies face today?

Ransomware attacks have become one of the most prevalent and dangerous threats facing automotive companies today. As detailed in Nuspire’s Q1 and Q2 Threat Landscape Reports, automotive manufacturers are particularly vulnerable to these attacks.

The manufacturing sector has long been a prime target for ransomware due to the complexity of their IT and OT systems, combined with a historically lower emphasis on cybersecurity. This intricate environment provides numerous entry points for attackers, making infiltration easier. Additionally, automotive manufacturers often operate on tight schedules and cannot afford the prolonged downtime caused by a ransomware attack, making them more likely to pay a ransom—a factor that further incentivizes attackers to target this sector.

Another significant threat is third-party risk, which has become increasingly common as digital transformation expands. Automotive companies, like many organizations, rely heavily on remote management tools and software that interfaces with numerous endpoints, amplifying these risks. Attackers often exploit these vulnerabilities through phishing, stolen credentials or weaknesses in external-facing technologies. The impact can be severe, as seen in incidents like the SolarWinds breach, where the compromise of a single supplier led to widespread disruption across multiple organizations.

While these threats are not unique to the automotive industry, the sector’s reliance on complex supply chains and third-party vendors often magnifies the potential impact. The interconnected nature of automotive manufacturing means that a breach in one part of the supply chain can quickly ripple through to others, causing significant operational and financial damage. This underscores the importance of robust cybersecurity measures tailored to the specific needs and vulnerabilities of the automotive industry.

How do advancements in automotive technology impact the cybersecurity landscape? Are you also tasked with helping them defuse these specific threats?

As vehicles continue to evolve and become more digitized, the threat landscape for the automotive industry expands, introducing new potential vulnerabilities.

Every technology, no matter how advanced, comes with its own set of weaknesses, and automotive technology is no exception. The increasing complexity of vehicle systems, which now include a range of digital components and connectivity features, creates more entry points for potential cyberattacks. This growing interconnectivity, while beneficial for innovation and convenience, also means that vehicles are more exposed to threats from various sources, including sophisticated threat actor groups.

We recognize the critical importance of addressing these evolving threats, and we consult with clients across all industries – including automotive – to help them understand the specific threats and threat actors that may target them and how they do it, and to tailor their defenses. The approach is proactive, ensuring that defenses are not just generic but specifically designed to counter the types of attacks most likely to impact their operations.

How do you stay updated with cyber threats and trends specific to the automotive industry? How do you share information and collaborate with the internal IT departments of your automotive clients on defusing them?

We stay updated on cyber threats and trends by leveraging threat intelligence from both organic data sources and third-party outlets.

One concerning trend that has recently emerged is the development of additional extortion tactics by a ransomware group called Hunters International. In a previous attack on a medical facility, the group introduced a third “layer” of extortion. When the ransom wasn’t paid, they threatened to use a list of clients to call in bomb threats or other extreme activities, prompting a SWAT team response to their homes. This represents a dramatic escalation in their aggressiveness to collect the ransom.

Another trend we’ve observed is the increase in attacks targeting VPN vulnerabilities. When new vulnerabilities are announced, threat actor groups quickly exploit them to gain initial access, making this a significant concern for any organization relying on VPNs for secure remote access.

We collaborate with clients by sharing information through consulting, briefs and reports to keep them updated on trending threats and vulnerabilities. This ensures that internal IT departments are well-equipped to address emerging threats, helping to safeguard their operations against potential disruptions.

Have you noticed specific patterns or sources of cyber espionage attempts to steal automotive firms’ intellectual property?

Advanced persistent threat groups, such as APT4, APT6 and APT37, are notorious for their focus on intellectual property theft, especially in industries where proprietary technology and competitive advantage are critical. These groups are typically well-funded, highly organized and possess capabilities far beyond those of conventional ransomware actors.

APT groups are known to develop zero-day exploits—attacks on vulnerabilities that are unknown to the software vendor and, therefore, unpatched—giving them a significant advantage in breaching even well-defended networks. They often create custom malware specifically designed to infiltrate and exfiltrate data from targeted organizations, employing sophisticated techniques such as lateral movement within networks, privilege escalation and data exfiltration to achieve their objectives.

This level of threat sophistication underscores the need for a robust, layered defense-in-depth strategy for automotive firms. It’s not just about preventing known threats; it’s about maintaining comprehensive, real-time visibility across all endpoints in the network to detect, respond to and neutralize malicious activities as they occur.

Given the proprietary nature and immense competitive value of automotive technology, these firms must be particularly vigilant against espionage attempts, as the consequences of a successful attack could be devastating both financially and reputationally, potentially leading to lost market share and long-term erosion of trust.

What future developments or innovations in cybersecurity do you anticipate will be crucial for the automotive industry?

In the future, vehicles will likely need to be treated much like endpoints within an organization, especially as they continue to integrate more advanced technology. As vehicles become more connected and autonomous, the parallels between them and traditional IT endpoints, such as computers and servers, will grow stronger. This shift requires a new perspective on how cybersecurity is approached in the automotive industry.

When considering the motives of threat actors, it’s important to recognize that most are financially driven. Targeting an individual autonomous vehicle offers limited financial gain, and at present, the technological demands for such an attack far outweigh the potential rewards. However, the situation changes dramatically if a threat actor were to gain access to a broader system, such as a patching or updating infrastructure that manages hundreds or thousands of vehicles. The ability to compromise multiple vehicles simultaneously could provide a significant incentive for attackers, turning what might seem like a low-value target into a high-stakes opportunity.

The future of automotive cybersecurity will likely focus on securing these broader systems and ensuring that vehicles, as endpoints, are protected from mass exploitation. This will involve developing robust patch management, continuous monitoring and rapid response capabilities to mitigate the risks associated with large-scale attacks on connected vehicles.