Cyberattacks on Auto, Mobility Industries on the RiseCyberattacks on Auto, Mobility Industries on the Rise

Cyberattacks are a growing problem for the automotive industry – despite increased regulatory attention.

That’s one of the key takeaways from Israeli company Upstream Security’s 2025 Automotive & Smart Mobility Cybersecurity report, an annual overview that is now in its seventh year.

The report says the attacks are getting more serious. It found that in 2024, no fewer than 60% of the cybersecurity incidents in the sectors affected “thousands to millions” of assets, including vehicles, charging stations, smart mobility apps and connected devices.

Indeed, the potential for significant disruption was highlighted by the fact that what are considered “massive scale” incidents – each one impacting millions of vehicles – rose dramatically, from 5% of the total to an alarming 19%.

In total, Upstream recorded a total of 409 new incidents in 2024 – up from 295 in 2023 – taking the total number of documented cases since 2010 to 1877. This was attributed to a dramatic rise in ransomware attacks.

A breakdown of the incidents showed that 59% were data and privacy breaches; 55% affected services and business; 23% related to car systems and 21% were frauds. Other impacts included loss of control of cars; loss of location tracking; and allowing cars to be broken into. Telematics and application servers represent the most likely route of attack.

Related:Ban on Connected Car Tech From China, Russia Finalized

As the report points out, the potential for serious losses is vast. A ransomware attack into software systems provided by CDK Global in June to car dealers in the U.S. caused three weeks of disruption and was estimated by Anderson Economic Group to have potentially prevented 56,200 new vehicle sales, resulting in lost earnings of $1.02 billion.

The report also acknowledges how the rise of software-defined and autonomous vehicles (AV) increases vulnerabilities, too. Concern about potential misuse of data by AVs and connected cars with software that was developed in China and Russia prompted the Biden administration to finalize a ban that was introduced in January and will take effect for Model Year 2027 vehicles.

National economic adviser Lael Brainard said at the time: “Connected vehicles with software and hardware systems linked to foreign adversaries could expose the American people to risks of misuse of their sensitive data or interference by malicious actors.”

Upstream, which develops a cloud-based AI-power data management system for connected vehicles and smart mobility solutions, believes more needs to be done to address the cybersecurity threat.

CEO Yoav Levy said: “Cyber threats are evolving faster than the industry is prepared to handle, outpacing regulation-driven measures. Threat actors have already shifted toward large-scale, sophisticated and AI-powered attack methods, targeting not only vehicles but also interconnected systems such as EV charging infrastructure, API-driven apps and smart mobility IoT devices. This growing attack surface demands a transformative and proactive approach to cybersecurity.”