PR87270

HERZLIYA, Israel, December 16, 2020, /PRNewswire=KYODO JBN/--

The annual report reveals automotive-related cyber threat trends and analysis

in light of recently drafted and adopted cybersecurity standards and

regulations as well as the COVID-19 pandemic; the report also includes a

one-of-a-kind analysis of automotive cyber threats identified throughout the

deep and dark web.

Upstream Security, a leading provider of cloud-based automotive cybersecurity

solutions, today released its 2021 Global Automotive Cybersecurity Report

[http://www.upstream.auto/2021Report ]. The annual report shares in-depth

insights and analysis derived by analyzing 633 publicly reported automotive

cyber incidents spanning the last decade, highlighting vulnerabilities and

threats identified during 2020.

For the first-time-ever, the annual report offers an in-depth mapping of all

2020 automotive cyber incidents to the threats listed in the UNECE WP.29

regulation as well as an analysis of the risk levels of specific incidents as

required by the ISO/SAE 21434 regulation. The report also includes an inaugural

segment focused on non-disclosed automotive-related cyber incidents discovered

throughout the deep and dark web.

2020 has been a year of disruption in the automotive industry, both because of

COVID-19 and the new automotive cybersecurity standards and regulations

[https://upstream.auto/regulations ]. The rising number of connected vehicles

increases the entry points and vulnerabilities that hackers can leverage, and

the ever-growing automotive cyber threat landscape continues to develop.

"With the continued rise of cyber attacks against the automotive industry and

the regulatory requirements that were developed in response, now more than

ever, automotive stakeholders must take heed of the cyber threat landscape,"

said Oded Yarkoni, Upstream Security's VP of Marketing. "Knowing and assessing

automotive cyber threats both on the surface and on the deep and dark web is

the first step in developing an effective cybersecurity management system and

complying with the cybersecurity demands of both regulators and consumers."

Upstream's 2021 Global Automotive Cybersecurity Report introduces key findings

of the Upstream AutoThreat Intelligence

[https://upstream.auto/autothreat-intelligence/ ] research team as well as

cybersecurity recommendations for automotive stakeholders:

- Connected vehicles are here to stay: The rising number of connected vehicles

leads to increased vulnerabilities and entry points for hackers to leverage;

more than 200 automotive cyber incidents were publicly reported in 2020 alone.

- Most automotive cyber hacks were carried out by hackers with malicious

intent: In 2020, 54.6% of hacks were carried out by black-hat hackers to

disrupt business, steal property, and demand ransom. 39.1% of hacks were

committed by white-hat hackers and researchers, including those as part of an

automotive bug-bounty program.

- There was a growth of servers targeted in 2020: The three most common attack

vectors over the last decade were servers, keyless entry systems, and mobile

apps, with a 73% growth in server attacks in 2020. All three top attack vectors

are attacked remotely, and as seen in 2020, 77.8% of all incidents were remote attacks.

- The number of automotive-related CVEs is growing: To date, there have been

110 CVEs (Common Vulnerabilities and Exposures) related to the automotive

industry, 33 in 2020 compared to 24 in 2019.

- Theft of data and vehicles were among the top impacts of cyber attacks in

2020: 36% of incidents in 2020 involved data and privacy breaches, and 28% of

incidents involved thefts or break-ins.

- Standards and regulations indicate an industry-wide recognition of cyber

threats: When mapping cyber incidents from 2020 to threats indicated by the

UNECE WP.29 regulation, 89.9% of incidents related to threats to vehicles

regarding their communication channels and 86.7% related to threats to vehicle

data/code, the top two threat categories.

- While COVID-19 slowed down many automotive operations, cyber attacks were on

the rise: OEMs and automotive suppliers were prime targets during the pandemic,

with a cyber attack even shutting down a major OEM. The pandemic also led to

factory closures, assembly-line shutdowns, supply chain interruptions, and even

some OEMs pivoting their activities altogether.

- The deep and dark web contains a noticeable amount of automotive-related

hacks and threats: The most frequent and significant automotive hacks discussed

on the deep and dark web include ECU tuning, infotainment hacking, selling

stolen identities to access OEM and smart-mobility accounts, and leaking

automotive source code or data.

- Automotive cybersecurity has been recognized as vital: The automotive

cybersecurity market is expected to grow over the next decade, with OEMs

recognizing that security-by-design, automotive cyber threat intelligence, and

a well-established VSOC (vehicle SOC) with an integrated cybersecurity solution

is integral to the safety and security of their vehicles and assets.

A full copy of the free report is available for download at the Upstream

Security website: www.upstream.auto/2021Report

Request access to Upstream AutoThreat Intelligence:

www.upstream.auto/AutoThreatAccess

About Upstream Security:

Upstream Security offers a cloud-based automotive cybersecurity

[https://upstream.auto/upstream-c4-platform/ ] and data analytics platform

purpose-built for connected vehicles and smart mobility services. Upstream's

platform fuses machine learning, data normalization, and digital twin profiling

technologies to detect anomalies in real-time using existing automotive data

feeds. Coupled with AutoThreat Intelligence, the first automotive cybersecurity

threat intelligence feed, Upstream provides unparalleled cybersecurity and

data-driven insights, readily available and seamlessly integrated into the

customer's environment.

Upstream is privately funded by Alliance Ventures (Renault, Nissan,

Mitsubishi), Volvo Group, Hyundai, Nationwide Insurance, Salesforce Ventures,

CRV, Glilot Capital Partners, and Maniv Mobility.

Visit us at: www.upstream.auto

SOURCE: Upstream Security