Company discovers critical cyber threats facing car manufacturers due to publicly accessible sensitive information, including exposed credentials, assets and blueprints
CybelAngel, a global leader in digital risk protection, today released its Global Cyber Investigation, "The Race Against External Threats in the Automotive Supply Chain," that shows the automotive industry is at severe risk of ransomware attacks due to the availability of hundreds of thousands of exposed credentials online. The company conducted a wide-ranging six-month investigation of leading automotive companies to understand their cyber exposure risk and vulnerabilities, analyzing assets that are publicly available without the need for authentication.
The investigation revealed that highly sensitive information was leaked, including trade secrets, personally identifiable information (PII), blueprints of engines and production facilities, confidential agreements, human resources (HR) documents and more. These leaks are due to both employee internal threats and external security weaknesses across the automotive supply chain.
Data was found across file servers, email exchange servers, databases, pastebins and IoT devices. Key findings include:
- A single vendor leaked nearly 200 pages of blueprints detailing the facility infrastructure and security system specifications.
- A single facilities supplier leaked IP and documents from six different brands including blueprints and facility diagrams.
- Out of a sample group of 2.2 million employees, roughly one in 10 employees have exposed publicly accessible credentials available online.
- Out of 14 manufacturers (2.2 million employees), 60 million keyword matches with 800,000 alerts of brand names in documents hosted on exposed servers, clouds and databases.
- Companies from the United States and Western Europe suffered the most exposed credentials. These credentials represent a major risk, as stolen, exposed, or reused credentials are exploited in 30% of ransomware attacks.
- Researchers found 26,322 exposed assets with open ports or vulnerable protocols that needed to be closed immediately or monitored closely.
"The risks of exposed data cannot be overstated. Ransomware attacks, leaks, exposed assets and credentials put companies at risk of intellectual property theft, data theft, corporate espionage, fraud and regulations fines," said Erwan Keraudy, CybelAngel CEO. "The automotive sector in particular is attractive to hackers because it has long, complex and interconnected supply chains with varying cybersecurity levels and therefore weak points. Now is the time for the automotive industry to take action to lock down data and safeguard credentials."
For more information on the threats targeting the automotive industry and how the adoption of a digital risk protection platform, such as CybelAngel, can help bring hidden threats to light, download today's report.
Follow CybelAngel for the latest details on research, events and other news:
- Twitter: @CybelAngel
- LinkedIn: https://www.linkedin.com/company/cybelangel/
About CybelAngel
CybelAngel is the world-leading digital risk protection platform that detects and resolves external threats before they wreak havoc. Because more data is being shared, processed or stored outside the firewall on cloud services, open databases and connected devices, the digital risk to enterprises has never been greater. Organizations worldwide rely on CybelAngel to discover, monitor and resolve external threats across all layers of the Internet, keeping their critical assets, brand and reputation secure. To learn more, visit CybelAngel.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20210914005200/en/
Contacts:
Media:
Carrie VanBuskirk
W2 Communications
cybelangel@w2comm.com