Skip to Main Content

Article

Automotive Industry Faces Increased Cyberattacks 

Share

Over the past few months, the automotive industry has faced a blight of ransomware attacks, which have affected the availability of new cars and parts, dealership payroll and inventory, and, as a byproduct, global economies. According to the Center for Automotive Research, the automotive industry and related goods and services account for as many as 8 million jobs in the US, demonstrating the potential economic effects of recent attacks.   

Notable recent disruptions to the automotive industry:  

CDK   

Beginning on June 19, 2024, BlackSuit ransomware targeted CDK, a software solution that provides car dealerships with inventory, invoicing, and payroll tools. As reported by multiple sources, CDK paid a $25 million ransom payment to the threat actors. Even with the alleged payment, the restoration of CDK services proved to be a monumental effort, with some organizations still working to fully restore operations. However, the ransom payment pales in comparison to the estimated business interruption losses this event has caused, which is assessed to be as high as $1 billion- a significant blow to the US economy.  

AutoCanada  

AutoCanda, a support software for dealerships primarily located in Canada, faced a security incident beginning on Sunday, August 11. At the time of this reporting, no threat actor has claimed responsibility for the incident, and the cost of business interruption is yet to be assessed. This cyber disruption comes amid difficult times for AutoCanada, which reported a loss of $33.1 million in Q2 2024.  

Toyota 

A threat actor operating under the monicker, ZeroSevenGroup,leaked approximately 240 GB of data associated with Toyota to the dark web. The leak includes personal and professional contact details, financial records, customer profiles, business plans, employee information, and more, according to Cyber Press. While this incident may not directly affect Toyota’s ability to conduct business, it could produce reputational challenges and prompt significant data security inquiries.  

Analyst Comments 

The automotive industry continues to face a myriad of challenges, from supply chain issues during COVID, to significant dealer markups, to plummeting used car prices. Now, recent cyberattacks bring the industry’s supply chain and third-party tools under scrutiny. In the coming months, it is likely that dealerships and manufacturers will increasingly evaluate and undertake heightened due diligence into their third-party supply chain to assist in mitigating their cyber risk exposure.