The automotive industry is complicated. While there are only a handful of major manufacturers, there is also a large and complex ecosystem of partners, suppliers and specialists employing close to one million people and turning over more than £82bn annually.
Where there’s money to be made, there are usually hackers, and the automotive sector is no different to any other. One firm estimated a six-fold increase in cyber attacks from 2010 to 2018. Yet the ones grabbing the headlines, and the attention of boards, tend to be targeted at the vehicles themselves. Enterprise IT threats, almost all of which use the domain name system (DNS) at some point in their lifecycle, must not be underestimated.
A digital future
Carmakers are increasingly looking to connected technologies to help drive competitive differentiation and growth. The goal is to create end-to-end driving experiences, using on-board sensors, smart devices and connected systems to improve safety, navigation and vehicle maintenance, while generating valuable customer insight, boosting productivity and keeping passengers entertained. It’s a market set to be worth $225bn globally by 2025, with hundreds of millions of connected vehicles expected to be on the roads by then.
To support these ambitious plans, OEMs are also looking to drive digital transformation at the back-end, using cloud and IoT platforms, 3D printing and extended digital and physical supply chains.
A risky business
This all creates new cyber-related risks, many of which are linked to the connected vehicles themselves. It’s an understandable focus, given that the doomsday scenario for carmakers would be a critical vulnerability that would allow hackers to remotely control a car. Such a flaw, like the bugs discovered in Jeep Cherokees which allowed researchers to control the brakes, steering and many other sub-systems, could imperil potentially millions of drivers, and countless more passengers and pedestrians. The impact on corporate reputation could be devastating: 82% of consumers say they might never buy from a carmaker if its vehicles are hacked.
Fortunately, we’ve yet to see such an attack in the wild. In fact, real-world cyber incidents targeting vehicles are currently largely confined to keyless car theft. On the other hand, cyber attacks against enterprise IT infrastructure are endemic and well documented. They could cause:
- Data theft: this could include either sensitive IP, as happened at Tesla, or customers’ personally identifiable information. The latter is a pronounced risk for motor financing firms which collect financial details from customers, as well as car sharing and rented fleet providers. This data is strictly regulated by GDPR.
- Interruption/outages: automotive companies are heavily reliant on extensive IT systems for productivity and growth. That makes them a target for ransomware attacks, as well as crypto-mining and other raids. In 2017, Nissan’s Sunderland plant was affected by the WannaCry ransomware attack.
- Supply chain attacks: hackers will always choose the path of least resistance. That could mean attacking a supplier in order to gain access to their customers’ corporate networks. Personal data on over 28,000 Porsche customers was illegally accessed after attackers targeted a supplier’s servers.
The impact of a serious security breach could include:
- Regulatory fines – GDPR penalties can go as high as 4% of global annual turnover
- Reputational damage, including customer churn
- Cost of remediation, clean-up and forensics
- Potential legal costs if customers or partners sue
- Falling share price
- Loss of competitive advantage
Understanding the DNS
At the heart of cyber risk for any organization is its DNS. The DNS was designed many decades ago to convert domain names to IP addresses, thereby playing a crucial role in allowing users to find the websites, devices and apps they need to connect to. However, it was not designed with security in mind. This means hackers can take advantage of these design flaws, and any new and emerging vulnerabilities, to launch attacks.
By targeting DNS servers and changing the answers they store for queries, attackers can covertly redirect users to malicious sites. The DNS can also be used as a communications channel between command-and-control servers and compromised clients. Because DNS traffic is usually whitelisted by firewalls, it can also be used to smuggle stolen data out of an organization in large quantities.
Fortunately, because it’s always on and used so extensively by attackers, the DNS is a great place to gain visibility and control of cyber threats.
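To make the visibility point concrete, here is an added example (not Nominet's NTX logic and not code from this article) of a simple detection pass over DNS query logs that flags clients sending many long, high-entropy subdomains to one parent domain, the pattern data smuggling over DNS tends to leave. The log format, sample lines, thresholds and the "last two labels" parent-domain rule are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample query log: "<client_ip> <qname>" (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.9 mzxw6ytboi2dgnbvgy3tqojq.a1.tunnel-test.example
10.0.0.9 onswg4tfoqqgs3tpoj2gk3tu.a2.tunnel-test.example
10.0.0.9 nbswy3dpeb3w64tmmqqho2lu.a3.tunnel-test.example
10.0.0.9 ifbegrcfiztuqskknnfu2tsp.a4.tunnel-test.example
10.0.0.7 cdn.example.net
"""

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values()) if s else 0.0

def split_name(qname):
    """Return (subdomain, parent). Assumption: parent = last two labels (real code: Public Suffix List)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(log, min_unique=3, min_entropy=3.5, min_avg_len=20):
    """Flag (client, parent) pairs with many long, high-entropy subdomains; thresholds are illustrative."""
    seen = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        sub, parent = split_name(qname)
        if sub:
            seen[(client, parent)].add(sub)
    findings = []
    for (client, parent), subs in sorted(seen.items()):
        joined = "".join(s.replace(".", "") for s in subs)  # characters carried in subdomains
        avg_len = sum(len(s) for s in subs) / len(subs)
        h = entropy(joined)
        if len(subs) >= min_unique and h >= min_entropy and avg_len >= min_avg_len:
            findings.append({"client": client, "parent": parent, "unique": len(subs),
                             "avg_len": round(avg_len, 1), "entropy": round(h, 2),
                             "payload_chars": len(joined)})
    return findings

if __name__ == "__main__":
    print(find_tunnel_candidates(SAMPLE_LOG))
```

On real traffic the thresholds need tuning against a baseline, since CDNs and some security products also generate long machine-made hostnames.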
Nominet’s NTX solution reduces risk on your network and eliminates threats before they cause harm. Analyzing network DNS traffic for both known and unknown threats, NTX identifies zero-day activity not seen by traditional methods of detection. This narrows the window when malicious activity can compromise your network.
This hands cyber security teams the power to predict, detect and block malicious activity, disrupting attacks before they’ve had a chance to impact the organization. This is proactive, strategic security at its best: helping to protect corporate reputation and the bottom line for carmakers and supply chain partners.
Download our whitepaper to find out more about the ways in which the industry is developing digitally, the online risks threatening its security and how a greater focus on DNS can mitigate attacks and cut the window of compromise for global manufacturers.