By Pauline Losson, Global Director of Analysts at CybelAngel
Like most markets today, the automotive industry is driven by advancing technology and steered by the objective of successful digital transformation. However, these advancements have left businesses exposed to more attack avenues. Earlier in the year, Gartner revealed that investments in cyber and information security would be a priority for 71 percent of automotive CISOs in 2021. Given the relentless threats currently facing the industry, this focus must continue.
The industry has already experienced the full force of modern-day attackers. Just last year, Honda suffered a major ransomware attack to its global operations. Ekans ransomware rendered the company helpless as it targeted the industrial control systems network and forced production to halt and workers were sent home.
In addition to ransomware, the industry is facing unprecedented levels of risks from external threats, which are being exacerbated by increasingly complex supply chains. Our latest global research has revealed that automotive companies are unknowingly revealing sensitive information. And so the race is on to locate and plug the data leaks before extensive damage is caused.
The painful reality of exposed credentials
A data leak of any scale is a major security risk to an organisation, but the sensitivity of the data exposed can amplify the fallout. Our research of 14 leading automotive manufacturers revealed that roughly 215,000 credentials associated with passwords have been exposed over a six-month period.
If PII is amongst the compromised data, then organisations risk facing multi-million-pound fines for breaching regulations like GDPR. That’s before you add in the impact a breach has on the brand’s reputation.
The biggest danger posed by data leaks is when the company is completely unaware of the source, or that they’re leaking data at all. By the time the automotive organisation realises the problem, hundreds and thousands of data sets may have been exposed. Credentials are keys that can open any number of doors within the network, so just one compromised login could expose the most valuable assets.
Often, organisations that have a vast attack surface find that a significant proportion is hidden from them. Without this visibility, it’s virtually impossible to defend the network and the production line.
The secondary dangers of ransomware
In addition to sizeable regulatory fines and reputational damage, companies put themselves at risk of further exploitation through ransomware. To put the risks in the automotive sector into context, our investigation found that amongst a sample group of some of 2.2 million employees, around 1 in 10 employees have publicly accessible credentials available online. In what is still a bumper time for attackers launching ransomware attacks, this leaves those organisations at a far greater risk as stolen, exposed or reused credentials are exploited in 30 percent of ransomware attacks.
Exposed credentials are one of the major factors behind a successful ransomware attack. They grant criminals access to different areas of the network, from which they can move laterally and seek out the biggest prize. Often, this can lead to account takeovers or secondary phishing campaigns, using ransomware to infect the systems from within.
Companies with a large ecosystem of customers and partners face heightened risks from credential exposures. We found that 80 percent of identified data leaks actually came from the supply chain – including partners, suppliers and customers – whereas 20 percent came from their own employees. Most data exposed through external and internal leaks is often the same, but external leaks are far more challenging to locate.
One of the more worrying aspects of the investigation were the findings on exposed corporate and commercial information that was left exposed. We found blueprints exposed on file servers as well as email exchanges, contracts invoices and other technical data.
The exposure of such sensitive documentation takes the issue far beyond a simple credential leak. It is a worrying indicator that automotive companies may not be taking appropriate security measures internally to restrict access to critical data. The leak of blueprints in particular could have disastrous consequences, as they expose Operational Technology (OT) and network access points throughout the company. Armed with this information, criminals could infiltrate OT controls and put an entire factory at risk.
Fixing the industry data leak
Whatever the cause of the vulnerabilities, whether it was during the migration to the cloud or simply down to lack of support and resources, automotive companies need to improve visibility across the board. Digital transformation and advancing technologies have boosted manufacturing capabilities, but have also left companies with bigger attack surfaces. Without the necessary visibility over the security of sensitive data and materials within the network, manufacturers present criminals with countless opportunities to exploit leaked credentials.
Several digital risk protection tools can provide that additional layer of defence and uncover potential vulnerabilities left in the network before they become a problem. Solutions, such as asset discovery, account takeover protection and data breach prevention, stop adversaries in their tracks. The automotive industry can identify the weaknesses in their network, whether third party or internal, and close the gaps before the attackers arrive. In order to improve visibility, IP scanning can uncover leaks of confidential information from any connected device across the entire network, internal or that belonging to a third party.
On this occasion, it is perfectly acceptable to start the race well over the starting line, to get on top of confidential data leaks, and stay ahead of competing attackers.