[New Report] More than 18,000 Phishing Domains are Targeting the Global Automotive Industry
September 25th, 2017
In January, CSO Magazine published a comprehensive article explaining how the connected car constitutes a more complex security threat than many people realize.
The article, titled: “How to protect your data, your vehicles, and your people against automotive cyber threats?” went far beyond the obvious risks and vulnerabilities created by on-board technologies such as WiFi and Bluetooth. While these risks are real, potentially life-threatening for drivers and their passengers, and the most interesting to debate, they are not the most lucrative for cyber criminals.
Eric Friedberg, co-president at Stroz Friedberg, said it best, “The threat to automakers is expansive. Phishing attacks or attacks against insecure Wi-Fi and remote access connections, websites, partner and vendor networks, and the physical perimeter can give a cyber-criminal a foothold into the entire corporate network via the connected car ecosystem. Attackers then escalate their newly-hacked privileges to access customer PII, gateways into manufacturing networks, connectivity to safety systems and industrial controls, sensitive emails, the software development environment, and other sensitive information about the car or customer.”
This article made us think… What is the risk posture of the automotive industry? What is their collective level of exposure to phishing attacks and fake domains? So we went to work.
We anonymously searched the Dark Web to find intelligence on 101 leading automotive firms over a six-month period including OEMs, Tier 1 and Tier 2 car companies to understand certain threats facing the industry. We found more than 18,000 fake or phishing domains explicitly targeting the top 100 global automotive manufacturers and OEMs. Additionally, we discovered more than 2,200 leaked email correspondences associated with these same companies circulating on the deep and dark web.
Additional findings concerning the prevalence of leaked credentials, exposed internal login pages, target Lists of employees and VIPs, software vulnerabilities for stealing vehicles and more are detailed in the full report which can be downloaded here: LINK
The IntSights Automotive Cyber Security Benchmarking Report is the first in a series of benchmarking studies that will research and identify the threats facing a variety of the world’s largest industries banking, gaming, healthcare, retail and telecommunications -- and provide statistics regarding that industry's overall risk posture as measured by the availability of leaked credentials, stolen employee information, exposed internal login pages, and registered fake or phishing domains on the clear, deep and dark web.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.