Cyber Threats to the European Automotive Industry

3 minute read
Timeline of Selected Cyber Threats Impacting Automotive Companies, between 2021-2022

The automotive industry is a critical industry across Europe. However, it has also become an increasingly attractive target for cyber threat actors, seeking to do harm to automotive companies by leveraging ransomware, supply chain compromise, executive exposure and more. ZeroFox leads the market by offering a comprehensive suite of external threat protection to help mitigate these threats.

Overview of the European Automotive Industry

The automotive industry is one of Europe’s most critical industries, estimated to provide employment to 13.8 million Europeans. Within the EU, the sector is the largest private investor in research and development. In the UK, the automotive industry is worth more than £78.9 billion turnover and adds £15.3 billion value to the UK economy.

However, the importance of the industry and rapid technological advancements in automotive connectivity has made the sector an attractive target for cyber threat actors. Car manufacturers and their suppliers are now some of the most targeted entities across the threat landscape.

Why Target the Automotive Industry

Integrating software into automotive design has become increasingly more common which, in part, attracts cybercriminals. Motivations range from financial to political, but I’ve outlined some key reasons threat actors target the automotive industry:

  • Luxury car manufacturers across Europe with high turnover and global brand.
  • Intellectual Property that has high intrinsic value to automotive companies.
  • Amount of customer data.
  • Totemic target for politically motivated threat actors such as climate change activists and state actors.
  • Complex global supply chains and interconnected web of third-party trust.
  • Multiple vectors to disrupt operations, such as production lines and sales processes.
  • High number of employees.
  • Wider attack surface via ever-increasing connectivity of cars and reliance on digital solutions.

Did you know….

In September 2021, the ZeroFox Threat Intelligence team discovered a ransomware variant called Colossus that was actively targeting and in ransom negotiations with a group of automotive dealerships based in the United States. The strain affected machines running Microsoft Windows operating systems. Colossus shared a similar ransom note structure to EpsilonRed, BlackCocaine, and some SodinoKibi/REvil notes.

Key Threats to the Automotive Industry


ZeroFox has identified approximately 100 ransomware incidents impacting the industry in 2021-22. The frequency and scale of ransomware attacks is expected to continue at an accelerated pace throughout 2022. 

  • Average downtime reached a high of 23 days in 2021, up from 16 days in 2019. 
  • Average cost of ransomware remediation reached $1.85 million in 2021, up from $750,000 in 2020. 
  • REvil demanded $70 million from victims of their attack on Kaseya, the highest ransomware demand seen.

Data Breaches

Attacks beget further attacks. The automotive industry is significantly impacted by data breachers, owing to the large amounts of customer information, intellectual property and employee credentials companies hold. These can be leveraged for further malicious activity. 

  • Failed ransomware negotiations are driving increases in the publishing of breached data.
  • In Q4 2021, Initial Access Brokers were observed most frequently selling access to compromised manufacturing organisations.

Supply Chain Compromise

The automotive industry is at high risk from attacks on supply chains due to the interconnected web of technologies and services that support the life cycle of vehicles.   

  • Vehicles are becoming increasingly connected, containing as many as 100 Electronic Control Units each.
  • Many rely on third-party software services post-production that may be difficult to patch or maintain.
  • Smaller companies within a supply chain with less robust security can be leveraged to target multiple downstream targets.

Executive Exposure

Threats to executives are increasing. They are leveraged by threat actors to conduct financial fraud, deploy ransomware, damage the brand and even kidnapping. 

  • 75% of executives have experienced credential exposure.
  • 50% of executives reuse passwords.
  • 60% of compromised credentials were plaintext.
  • 60% of executives have PII for sale on underground marketplaces.
  • 300% increase in impersonations 2020-21.
  • Compromised executives’ records can cost less than €10 to purchase.

See ZeroFox in action