The Trend Micro report analyzes cyberattacks on the road and reveals how they can be avoided. Global cybersecurity leader Trend Micro Incorporated (TYO: 4704; TSE: 4704) has published an important study that sheds light on connected vehicle safety and highlights the multiple scenarios drivers face, where they may encounter attacks that endanger their safety and that of others.
You can read the full report, Cybersecurity Risks of Connected Tools, here.
The report highlights the scope of the cybersecurity risks examined. Researchers conducted a qualitative risk analysis by examining 29 real-world attack scenarios according to the DREAD attack model. While these attacks are carried out remotely, victim vehicles can be made in ways they target and do not. You can see examples and key points in the report below:
DDoS attacks on Intelligent Transportation Systems (ITS) pose a high risk by suppressing connected vehicle communication.
Connected vehicle systems with vulnerabilities and vulnerabilities are easily discovered, creating a high risk of exploitation.
17 percent of all attack vectors are categorized as high risk. Since these attacks can be carried out with limited knowledge of connected vehicle technology, they can be carried out by an attacker with low technical ability.
The research reveals ample opportunity for attackers looking to exploit connected vehicle technology. There is limited opportunity for attacks, and cybercriminals have yet to find reliable ways to monetize such attacks. While current United Nations regulations require all connected vehicles to have cybersecurity, a new ISO standard is in preparation. As we move towards a connected and autonomous vehicle future, the time is right for industry stakeholders to better identify and focus on cyber risks.
While more than 2018 million passenger cars with embedded connectivity are expected to be sold worldwide between 2022 and 125, progress towards fully autonomous vehicles continues. These developments will create a complex ecosystem that includes the cloud, IoT, 5G and other key technologies, while also creating a massive attack surface with the potential to consist of millions of endpoints and end users.
Report; He points out that as the industry evolves, opportunities for monetization and sabotage will arise for cybercriminals, hacktivists, terrorists, nation states, whistleblowers and unscrupulous speculators. The average of 29 attack vectors in the study to turn into a successful cyber attack is stated as Intermediate. Conversely, the possibility of embedding SaaS applications in the Electrical/Electronic (E/E) components of vehicles can offer cybercriminals new opportunities to monetize attacks, and the transformation in attacks may result in higher-risk threats.
To avoid the risks highlighted in the study, connected vehicle security needs to be designed with an integrated view of all critical areas to secure the end-to-end data supply chain. Trend Micro can perform the following high-level processes to protect connected tools:
- Agree to compromise and have effective warning, containment and prevention processes.
- Protect the end-to-end data supply chain through the vehicle's E/E network, network infrastructure, back-end server and BSOC (Vehicle Security Operations Center).
- Put lessons learned into practice to strengthen defense and prevent repetition.
- Related security technologies include firewall, encryption, device control, application security, vulnerability scanning, code signing, IDS for CAN, AV for head unit and more.