Stellantis was targeted by hackers, it revealed over the weekend, the latest in an escalating series of cyberattacks aimed at deep-pocketed automakers and their suppliers. This month alone, BMW became a target of a potential ransomware attack while Jaguar Land Rover is still reeling from a cyberattack that has effectively shut down production for the past three weeks.
Stellantis on Sunday confirmed it detected “unauthorized access” to a supplier’s computer system which exposed some basic customer information. It marked the latest known cyberattack targeting an automaker, a problem that has been growing substantially worse in recent months.
The list of manufacturers who’ve been targeted shows this to be a global threat, including Hyundai, BMW, Stellantis and Jaguar Land Rover. In a number of cases, hackers are using suppliers as a back door to gain access. But they’re also targeting dealers and data service providers, “looking for the weakest link in the chain,” said Sam Abuelsamid, lead analyst with Telemetry Research.
The biggest crisis, at least for the moment, centers around JLR which is still struggling to restart production three weeks after it was hit by a cyberattack. According to various news reports, the British automaker is losing nearly $70 million a week in lost production. That figure doesn’t include JLR’s suppliers and other vendors, many of whom have been forced to lay off their own workers due to the production stoppage.
The latest attacks

The Stellantis cyberattack appeared to focus on customer data, rather than manufacturing operations.
Stellantis on September 21 said unidentified hackers targeted “a third-party service provider’s platform that supports our North American customer service operations.”
If there’s a positive side, the Euro-American automaker added, it’s that the attack yielded only basic names and contact information for customers, but not more critical data, such as birthdates and social security numbers.
“Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers.”
BMW targeted
Though it remains unclear who targeted Stellantis, authorities point the finger at Everest, a Russian-linked group of cybercriminals, for an attack on BMW last week. On its site, Everest claimed it obtained “Critical BMW Audit Documents” and was giving the German company a matter of days to respond to its demands.
It’s unclear whether BMW has responded to Everest in any form following the ransomware attack, though a well-placed source, asking to speak only on background, confirmed to Headlight.News that “the system was compromised.” But he stressed that the cyber-criminals were limited in what they actually could obtain since they found a back door through a third-party vendor, rather than targeting BMW’s own computer network.
“They don’t have the second batch of documents” needed to actually do anything with what Everest acquired, the source claimed, stressing that “All systems, including production, are fully operational for us.”
JLR production still off-line
The situation remains much more dire at Jaguar Land Rover which, three weeks ago, was hit by one of the most serious cyberattacks ever to target an automaker directly. UK government officials have since noted that this is not only having a “significant impact” on the company – shutting down production for nearly a month – but also on the “wider automotive supply chain.”
JLR currently is losing production of about 1,000 vehicles per day at its British operations, with some reports pegging the losses at 50 million pounds, or $67 million, a week. That doesn’t include the impact on suppliers, many of whom have also been idled. JLR now hopes to resume production on September 24.
“It seems unprecedented in the UK to have that level of disruption because of a cyberattack or ransomware attack,” Jamie McColl, a senior cyber and tech researcher at think tank RUSI, told Wired. The JLR attack is “a different order of magnitude” to previous incidents, he added.
The weak link
Cybercriminals are looking everywhere for opportunities. The auto industry isn’t unique, but it does provide not only deep-pocketed manufacturers – like BMW, Stellantis and JLR – to target, but also plenty of back doors to gain access to critical computer networks.
“No company is doing everything in-house,” said analyst Abuelsamid. “They’re all relying on vendors for various aspects. Any chain is only as good as its weakest link … and you have to secure every element of that ecosystem.”
Unfortunately, Abuelsamid and other sources cautioned, not everyone has done a great job at securing their networks.
Targeting dealers; motorists could be next
One of the worst examples came to light in June 2024 when CDK Global, a multinational data provider that supplies a broad range of software and related services to more than 15,000 North American dealerships, was hit by a series of ransomware attacks.
The Illinois-based CDK’s software-as-a-service, or SaaS, technology can be used in every part of a dealership, and for virtually every aspect of its business. That includes front-end sales and back-end payroll. Dealerships reported losing access to “paperwork” for customers negotiating a vehicle purchase. Service departments were, in many cases, unable to access scheduling. About 15,000 dealers were impacted to varying degrees. The situation only began returning to normal when CDK paid an undisclosed ransom in July.
The next big concern, said Abuelsamid, is what happens when hackers find a way to target vehicles that are becoming ever more dependent on software. Since that could give hackers the ability to access not only infotainment systems but also onboard crash and autonomous driving systems, he added, “this won’t be just a financial issue but a safety issue.”