Ransomware: The Cyber Attacks on The Automotive Industry

09 Feb 2021

Industry at large is increasingly in the crosshairs of ransomware threat actors. Attacks across all sectors are growing bolder, more frequent, and exponentially more expensive. A recent report found that ransomware attacks targeting the industry were second only to those targeting government in prevalence.

Automakers and the automotive industry seem to be getting special attention from ransomware threat actors. One possible reason? Attackers have identified the automotive segment as more vulnerable than others, and they are exploiting it.

Worrying Cross-Sector Industrial Ransomware Trends

Ransomware threat actors are increasingly adopting more sophisticated techniques to threaten manufacturing operations as a whole, and the automotive segment in particular. Notably, experts are tracking more frequent incorporation systems (ICSes) and can spread from IT networks to OT networks.

The stakes are high. Recent research found that ransomware costs to the manufacturing sector have been higher. In 2019, industrial companies spent more than any others on ransomware payments - some $6.9m in payouts to hackers, which was 62% of the over $11m in ransomware payoffs in that year, despite the fact that manufacturing made up just 18% of ransomware cases. In 2020 that number rose further, with the cross-industry cost of ransomware reaching some $20 billion.

Research firm Gartner predicts that the financial impact of attacks on industrial systems resulting in fatal casualties will reach over $50 billion by 2023. As ransomware threats to the automotive sector continue to grow, paying hackers off becomes less and less viable. Protecting assets from ransomware is the only viable option.


Recent Automotive Sector Ransomware Attacks:

  • Tesla thwarts ransomware attempt    
  • Honda global operations halted by a ransomware attack
  • Toyota Australia confirms attempted cyberattack
  • Nissan and Renault hit by a ransomware attack


IT Cybersecurity Partners are NOT OT Cybersecurity Partners

Long used to partnering with IT cybersecurity firms, savvy industrial and automotive stakeholders understand that It and OT cybersecurity are vastly different fields.

It cybersecurity specialized in securing bits and bytes - definitely crucial for the automotive business. OT cybersecurity, on the other hand, specializes in securing both data and physical systems - and especially the intricacies of OT components that communicate via industry-exclusive protocols, that are not even visible to IT networks. OT cybersecurity is focused on the physical systems that drive production, meaning that OT cybersecurity teams prioritize safety and production continuity first.

For example, in a network breach at a manufacturing facility - IT cybersecurity will rush to secure IP and then ensure uptime, whereas OT cybersecurity prioritizes critical safety systems, then production continuity, and then IP. Given the sensitive physical consequences of OT network breaches in the automotive sector, this critical prioritization can literally mean the difference between uptime and production stoppage.

OTORIO: Your OT Cybersecurity Partner

Securing industrial networks that control dangerous physical domains demands a different type of cybersecurity approach. OTORIO offers the world's first end-to-end, industrial-native portfolio of OT security solutions together with a rich portfolio of field-proven professional services including Incident Response, Risk Impact Assessment, Penetration Testing, and Training. This enables our industrial and automotive partners to leverage attack mitigation tools that were designed and built from the ground up for OT ecosystems with operational production processes and continuity as their number one priority.

The explosion of ransomware attacks against industrial networks demands a rethinking of industrial cyber response policy. To facilitate a viable and economical response to industrial network ransomware, insurers need to seek out partners with proven experience in mitigating OT risk.

Get a Cyber Assessment