Ferrari confirmed that it was hit by a ransomware attack that exposed customers’ personal data. In an official statement, the Italian luxury sports car manufacturer said that it was “recently contacted by a threat actor with a ransom demand related to certain client contact details.”
Benedetto Vigna, CEO of Ferrari, said in a letter sent to customers that the threat actor was “able to access a limited number of systems in our IT environment.” The breach exposed customers’ personal data, including names, addresses, email addresses, and telephone numbers, but Vigna said that based on Ferrari’s investigation, “no payment details and/or bank account numbers and/or sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen.”
Ferrari also said that the breach did not affect the operations of the company.
Ferrari added that upon receipt of the ransom demand, it immediately started an investigation with an unnamed “leading global third-party cybersecurity firm” and, in accordance with data protection regulations, informed the relevant authorities. As a matter of policy, the carmaker declined to pay ransom as doing so “funds criminal activity and enables threat actors to perpetuate their attacks.”
Ferrari said that it had worked with third-party experts to further strengthen its systems.
Recent data breaches in the automotive industry
Data breaches, such as what Ferrari has fallen prey to, are not new in the automotive industry. In 2022, General Motors suffered a credential-stuffing attack that exposed customer information and allowed cybercriminals to redeem rewards points for gift cards. NIO, an electric vehicle manufacturer based in Shanghai, received an email in which the sender stated that they had obtained stolen data and intended to publicize it unless a ransom of US$2.23 million in bitcoin was paid. And the tire manufacturer Continental was hit by an attack from the LockBit ransomware group, which threatened to leak the data it allegedly stole from Continental’s systems if the company did not pay the demanded ransom.
Notably, the tactics of the perpetrators of the Ferrari and Continental attacks are in line with the shift from data encryption to data extortion that Trend Micro expects to prevail among ransomware actors in 2023.
The proliferation of data breaches in the automotive industry only proves that it has indeed become one of the major incident types that automotive manufacturers (OEMs) should stay vigilant against.
Securing vehicles against data breaches
As with many modern cybersecurity risks, there is no single solution that can eliminate all chances of a successful breach. OEMs, however, would do well to espouse a more comprehensive approach to security. Here are several security measures that OEMs can consider as they continue to build strategies against data breaches:
- As the use of open-source libraries continues to increase in order to accelerate development time, OEMs should plan for the potential vulnerabilities associated with open-source libraries. Despite being created and maintained by trusted communities of developers, open-source software like OpenSSL and SQLite might still pose various security risks. If left unaddressed, vulnerabilities in such software could be exploited by malicious actors to gain unauthorized access and steal sensitive business data and customer information.
It is then critical to implement robust security measures such as VicOne’s xZETA, which help OEMs uncover known and unknown vulnerabilities during the development phase. Using xZETA’s automotive-grade virtual analyzer, OEMs can monitor suspicious behavior to detect potential malware and backdoors in their software. - It is important to ensure security not only within the connected car’s internal systems but also across the wider industry. This requires attention to the IT security of back-end servers such as OEM service servers and customer relationship management (CRM) systems, the operational technology (OT), and the industrial control systems (ICSs) of the car factory. Protecting these interconnected systems will help mitigate the risk of cyberattacks and prevent sensitive data from being compromised.
- For enhanced security, it is recommended to operate the vehicle security operations center (VSOC) independently from the enterprise SOC. OEMs can work with a security company or a managed service provider (MSP) to help them manage the VSOC and safeguard sensitive data. This approach not only prevents data breaches but also allows more experienced automotive cybersecurity experts to extract signatures from the attack data and turn them into rules to detect similar imminent threats, thereby adding an extra layer of protection.
Leveraging over 30 years of cybersecurity experience from Trend Micro and the expertise of more than 10,000 independent researchers from Zero Day Initiative (ZDI), VicOne’s cybersecurity solutions use the latest technologies like machine learning, behavior monitoring, and extended detection and response to help secure connected cars.
Learn more about our solutions by visiting our homepage.