Press Room
The international automotive sector: highly vulnerable to cyberattacks
In 2024, Cipher detected 960 cybersecurity attacks against the global automotive sector, up 63% on the previous year.
Madrid, February 21, 2025 – Cipher, the cybersecurity division of the Prosegur Group, has warned through its cyber intelligence team Unit x63 of the growing number of cybersecurity attacks in 2023 and 2024 in the international automotive sector, which includes manufacturers, suppliers and customers. The use of increasingly sophisticated ransomware programs to exploit vulnerabilities increased by 63%, with 960 incidents reported in 2024 alone.
Organized cybercrime gangs such as Lockbit3, Ransomhub, Alphv, Bianlian and Akira have perfected double extortion techniques, which has generated some 533 incidents alone in the United States, 62 in the United Kingdom and 47 in Canada. Other countries are also vulnerable.
Critical vulnerabilities: the industry's Achilles' heel
The automotive industry is among the sectors that has attracted the most attention from digital criminals: last year, some 440 incidents were reported by leading companies such as Toyota, Volkswagen and Mazda, typically due to uncorrected security flaws that attackers take advantage of to infiltrate critical systems.
Attackers and their tactics
The automotive industry faces a variety of cybersecuty threats from organized crime gangs, including espionage groups sponsored by states. Among the most common actors detected by Cipher's Unit x63 is Threat Actor 888, a specialist in credential dumping, as well as GhostEmperor, which specializes in espionage and exploitation of insecure communication protocols. The most commonly used techniques rely on malware through tools such as Clop, OtterCookie, CAPSAICIN and FICORA.
Impact of attacks on the automotive industry
A successful cybersecurity attack can be devastating: a system crash caused by hacking is an economic and reputational blow. Unit x63’s research shows that the consequences of these digital threats can interrupt production and the supply chain, causing millions of dollars in economic losses and/or the exposure of sensitive data belonging to customers, suppliers and employees, among others.
Focus on recommendations
Tho heads of Unit x63 say that to reduce the impact of cyberattacks, companies must act as quickly as possible, applying security updates without delay. In addition, with the emergence of AI, hacks are more unpredictable and companies are increasingly unprotected. Therefore, it is essential to implement advanced measures to prevent unauthorized access, along with strict policies to prevent accounts from being compromised.
Unit x63 also highlights the importance of applying solutions that allow action in real time, in addition to promoting training and raising awareness of digital risks, both for a company's employees and society in general. However, even the best digital security model may not work. Therefore, organizations must have incident response plans, that is, clear strategies to minimize the impact of cyberattacks.
In response, Cipher's cyber intelligence unit has a specialized solution, xMDR, designed to detect and respond to advanced threats with 92.86% coverage of MITRE ATT&CK tactics and 66.32% of MITRE techniques. The platform is made up of more than 400 automatic processes for detection, response and prevention, protecting the industry from possible attacks and breaches to its systems.