Member Article

Global automotive industry data leak – Engine and factory blueprints openly accessible online

The automotive industry is at severe risk of ransomware attacks due to 215,000 exposed credentials becoming available online, according to an investigation by cybersecurity firm CybelAngel.

The research was carried out to understand the cyber exposure risk of leading players in the automotive industry and analysed assets that are publicly available without the need for authentication.

The most significant leak was from an industrial design firm responsible for a leading US car firm’s new factory. The leaker appears to be a China-based design services supplier, commissioned especially for this project. These documents, dated to 2020, include around 200 pages of blueprints detailing the facility infrastructure and security system specifications.

One manufacturer in the analysis exposed several million files in an AWS S3 bucket. The information included commercial details, email exchanges, contracts, invoices, and technical data. Another company exposed documents on their supplying of steel. Another company exposed documents on their supplying of steel and other inputs to their competitors in violation of a Non-Disclosure Agreement (NDA), exposing them to legal risk.

Erwan Keraudy, CybelAngel CEO, said: *“The risks of exposed data cannot be overstated. As well as ransomware attacks, leaks, exposed assets and credentials put companies at risk of intellectual property theft, data theft, corporate espionage, and fraud. The exposure of employee PII also means companies could end up being hit with multi-million dollar fines for breaking regulations like the GDPR.” *

“If the information relates to confidential information such as details of a company sale, the organisation that leaked the data could face legal action for breaking non-disclosure agreements or data privacy regulations as well as causing the failure of the entire acquisition deal.

“The automotive sector is attractive to hackers because it has long, complex, and interconnected supply chains with varying cybersecurity levels and therefore weak points. This report should be a wake-up call for the car industry, because the road ahead will be extremely bumpy unless action is taken to lock down data and safeguard credentials.”

This was posted in Bdaily's Members' News section by TH .