In early 2021, CybelAngel analysts undertook a global cyber investigation to understand the digital risks faced by the automotive industry. We found extensive data leaks, vulnerable assets, and exposed credentials. The findings of our investigation are now available to the public. Highlights include:
- 60 million keyword matches
- 800K alerts of documents hosted on exposed servers, clouds, and databases.
- 215K employees having credentials exposed or compromised,
- 235K exposed assets
Why is the Auto Industry Vulnerable?
Automobile manufacturers are in the middle of a digital transformation leaving them vulnerable to data leaks and ransomware. Manufacturers are reliant on complex supply chains resulting in valuable and confidential information being shared among hundreds of third parties outside of the client companies’ control. Their products, vehicles, are becoming more connected thus vulnerable to digital and supply chain attacks. See the actual documents leaked by third parties here.
- Case example: An industrial design firm responsible for a leading US car firm’s new factory leaked ~200 pages of blueprints detailing the facility infrastructure and security system specifications.
How did we conduct our investigation?
Our analysts selected 14 leading automotive companies then applied CybelAngel Data Breach Prevention, Asset Discovery and Monitoring, and Account Takeover Prevention solutions to locate publicly accessible data leaks, vulnerable assets such as RDPs, and exposed credentials. These digital risks leave companies vulnerable to data breaches, ransomware, and supply chain attacks. Read the full results here.
- Example findings: 235,046 exposed assets found. Of these, 26,322 were deemed to have open ports or protocols that should be closed or monitored closely.
Our investigation confirmed that automotive companies are facing severe risk from external threats of multiple kinds. You can read our results by downloading The Race Against External Threats in the Automotive Supply Chain here.