Threat Actors Targeting Automotive Industry

A new PIN (Private Industry Notification) has been released by the FBI regarding observed incidents since late 2018 in which unidentified cyber actors have increasingly targeted the automotive industry to obtain sensitive customer data, network account passwords, and internal enterprise network details.

Cyber actors have successfully compromised networks using brute force attacks and phishing emails, which have resulted in ransomware infections, data breaches leading to the exfiltration of personally identifiable information, and unauthorized access to enterprise networks. This year, several automotive company recipients received phishing emails with malicious attachments. Some recipients opened the attachment which enabled macros to run and allowed the cyber actor to gain access and move laterally through the enterprise and exfiltrate sensitive data.

The FBI assesses the automotive industry will likely face a wide-range of cyber threats and malicious activity in the near future as the vast amount of data collected by Internet-connected vehicles and autonomous vehicles become a highly valued target for nation-state and financially-motivated actors.

Recommendations:

• Back up data regularly
• Enable strong passwords and lockout policies to defend against brute-force attacks
• Ensure software and operating systems are updated regularly
• Educate employees to identify and report fake website links or attachments in emails
• Implement multi-factor authentication for access to sensitive systems and information
• Install and regularly update anti-virus
• Monitor employee login attempts from unusual IP addresses and other anomalous activity
• Notify all employees of phishing attempts and encourage them to be extra vigilant