Stopping Data Leaks in the Automotive Sector


“Today’s complex digital landscape requires a defense-in-depth approach. Automotive manufacturers should be deploying multiple layers of security,” says Pauline Losson, Global Director of Analysts at CybelAngel, in an exclusive interview with ITSecurityWire.


ITSW Bureau: The automotive industry is undergoing huge digital transformation changes, from cloud migration to greater interconnectivity. What challenges does this present in terms of protecting data?

Pauline Losson: Digital transformation is a leading priority for the automotive sector, with more efficient processes and automation playing a key role in accelerating production and reducing costs. More cost-effective production has become particularly important over the last two years as the pandemic has seen a sharp decline in demand, with September 2021 seeing the lowest sales in two decades.

However, the benefits delivered by digital transformation must be weighed against the increased exposure to cyber threats. A larger and more interconnected infrastructure creates a greater attack surface that can be exploited by cyber criminals, and the automotive industry faces threats on multiple fronts, from opportunistic criminals to nation state actors committing corporate espionage. Our latest global research found that most automotive companies are inadvertently leaving sensitive information exposed, making themselves low hanging fruit.

The sector’s extended supply chain is also very vulnerable to disruptive attacks like ransomware. In just one example, last year Honda suffered a serious attack from the Ekans ransomware, which ground global operations to a halt as industrial control systems were locked down.


The industry is responding to these threats, with 71 percent of industry CISOs saying that investment in IT security was a major priority.

ITSW Bureau: The research identified exposed employee credentials as a particular security risk in the sector; how could these be exploited by criminals?

Pauline Losson: The majority of cyber-attacks begin with stolen user credentials, which the threat actor then exploits to compromise the user’s account and endpoint devices. What happens next depends on the adversary’s objectives and skill level.

More sophisticated actors will begin escalating their access privileges until they can reach high value data and systems, while others may immediately deploy ransomware or other malicious software. Stolen, exposed or reused credentials are exploited in 30 percent of ransomware attacks, for example. Compromised accounts can also be used to conduct phishing attacks on the company’s supply chain.

Stolen credentials are particularly dangerous as a single set can often be used to access multiple systems, so just one compromised user can lead to a serious breach.

Threat actors will often seek to acquire user credentials through phishing attacks, but for a shocking number of organisations, they may simply be able to pluck them from the internet. In our sample investigation group of approximately 2.2 million employees, around one in 10 had credentials publicly accessible online. Overall, we found that 14 leading automotive manufacturers had roughly 215,000 credentials associated with passwords that have been exposed between them in a six-month period.

ITSW Bureau: What should companies do to mitigate these risks? 

Pauline Losson: Today’s complex digital landscape requires a defense-in-depth approach. Automotive manufacturers should be deploying multiple layers of security.

Implementing stronger identity-based security measures such as multifactor authentication will stop threat actors from easily exploiting stolen login credentials. Organizations should also prioritise capabilities such as asset discovery and account takeover protection which can help to identify vulnerable or already compromised credential sets, giving the firm the opportunity to change passwords before they can be exploited.

IP scanning can uncover existing leaks of confidential information and track the source back to connected devices across the entire network, determining if a leak was internal or via the supply chain.

ITSW Bureau: Internal leaks of corporate data, such as facility blueprints, pose a further security risk. What impact could this have on their operations should it fall into the cybercriminals’ hands?

Pauline Losson: All organizations are potential targets for cyber criminals, but sectors like automotive are particularly lucrative targets because of their high-value intellectual property. Blueprints, source code, and other IP are targeted by nation state actors conducting corporate espionage, and will also fetch a high price on the Dark Web.

An increasingly popular strategy among criminal gangs is to exfiltrate sensitive data and then encrypt the original files with ransomware. The perpetrator will then attempt to extort the victim by threatening to leak or sell the data unless further payment demands are met.

Stolen data may also be used to execute further attacks against the manufacturer’s operations. Blueprints for example may expose Operational Technology (OT) and network access points, enabling threat actors to attack the company’s infrastructure.

Despite these risks, our investigation found a large number of sensitive data sets including blueprints, contracts and invoices exposed on file servers that were openly accessible. Many firms are unaware of the full extent of assets on their systems, where they reside on the network, and what kinds of access controls are in place around them.


ITSW Bureau: Cybersecurity needs to be considered right across the value chain – what are the key considerations for the automotive sector in addressing these?

Pauline Losson: Alongside their own internal infrastructure, this visibility needs to extend outwards to the supply chain. Threat actors are increasingly targeting third party contacts as a way of circumventing security controls. The automotive sector and other manufacturing industries are especially vulnerable to this threat due to their large and complex supply chains. Our research found that 80 percent of identified data leaks originated from the automotive supply chain, spanning partners, suppliers and customers. These data leaks are far more challenging to locate compared to internal issues without the right tools in place.

Automotive manufacturers need to be aware that security threats can come from every element of their operations. This has become particularly pressing in recent years as organizations expand their IT infrastructure through digital transformation. Firms must ensure they have the visibility and control to keep their estates secure as they continue to grow or else risk presenting threat actors with a large attack surface that offers a myriad of opportunities for exploitation.

Pauline leads the Global Analyst Team of CybelAngel as Director of Cyber Operations. She joined CybelAngel 4 years ago and originally graduated from a Crisis Management & Intelligence Master/Graduate Program in Sciences Po Lille, France. After managing the US customers of CybelAngel, she is now in charge of the growth and strategy of the Analysts at CybelAngel, including on investigation programs.