Top Cyber Threats Automotive Dealerships Should Look Out For

Automotive dealerships are attractive targets for hackers. A combination of storing lots of sensitive customer data, handling large financial transactions, increased dependence on digital technologies and a perception of immature cybersecurity all combine to create a perception of dealerships as lucrative targets for threat actors. This article takes a look at some of the top automotive cyber threats dealerships should look out for.   

Recent Cyber Attacks on Auto Dealerships 

One 2023 report from CDK Global found that 46% of dealerships reported experiencing a cyberattack/incident that resulted in a negative financial/operational impact over the previous 12 months. Taking a look at some recent cyberattacks on auto dealerships gives insight into the types of cyber incidents your dealership might contend with.

Eagers Automotive

Eagers Automotive is the largest car dealership in Australia. The company suffered a cyberattack that compromised IT systems in both Australia and New Zealand at the end of 2023. The disruptions to IT systems undermined the company’s ability to finalize transactions, according to a company statement. It appears sensitive data about a small number of customers was also accessed in the attack. The threat group LockBit 3.0 claimed responsibility for the attack, making it a ransomware incident.  

Arnold Clark

December 2022 saw popular European car dealer Arnold Clark hit by a severe cyberattack where 10,000 people’s data was stolen. The Play ransomware gang conducted the attack, which exfiltrated data and installed ransomware in a classic double extortion hit. The gang also eventually leaked this sensitive data online. The initial impact was also extreme, with many dealerships resorting to pen and paper after IT systems went down. 

Holdcroft Group

In another damaging cyber incident for a dealership, Holdcroft Group in the UK got hit by a severe ransomware attack that compromised sensitive data and destroyed some elements of the company’s IT infrastructure. Hackers stole two years’ worth of information, including staff passwords and personal data.   

Top Automotive Cyber Threats 

One positive bit of news is that the recently enforced FTC Safeguards Rule (with which automotive dealers need to comply) appears to be bolstering cybersecurity. The CDK Global report from 2023 found that 75% said their security improved post-compliance. However, automotive cyber threats remain prevalent, and it’s important to understand them so dealerships can better protect against them.  

Social Engineering

Email phishing is the number one threat to automotive dealerships, but you can really expand this to encompass all types of social engineering. The nature of dealership operations, with frequent and varied interactions with customers, suppliers and financial institutions, creates many opportunities for social engineers. With so many potential outside parties that dealerships work with, it’s relatively easy for threat actors to disguise themselves.  

Inadequate Cybersecurity Training and Awareness

Part of the reason social engineering attacks pose such a threat is that staff at automotive dealerships often lack effective cybersecurity training. Staff members are typically trained with a focus on sales, customer service and automotive knowledge rather than on the nuances of cybersecurity. This makes them more prone to errors like clicking on suspicious links, downloading attachments from unknown senders, setting weak passwords or sharing sensitive data. Complicating matters is a high annual staff turnover rate of 24%, which makes practical training more expensive and difficult.  

Ransomware Attacks

As evidenced by the recent attacks on dealerships, ransomware is a huge problem and isn’t showing signs of stopping. Despite fewer companies across all sectors caving into gangs’ demands and paying ransoms, these attacks pose such a threat because they target two critical aspects of auto dealerships’ operations: data accessibility and data confidentiality. When ransomware infects a dealership’s systems, it encrypts vital data files, renders them inaccessible and impedes the dealership’s ability to operate effectively. Double extortion attacks that steal sensitive customer information, financial records or proprietary business data worsen the impacts.   

Attacks on Connected Vehicles

Direct cyberattacks on vehicles are a growing threat to dealerships, particularly with the rise of connected vehicles. Hackers can exploit weaknesses in internet connectivity and wireless communication features to gain remote access/control over vehicles or spy/steal data. Modern vehicles use network protocols like CAN (Controller Area Network) to allow various components (ECUs – Electronic Control Units) to communicate. Unfortunately, CANs have been shown to be susceptible to various technical attacks. 

IoT Security Weaknesses

Dealerships increasingly use IoT devices for various functions, from inventory management with RFID tags to repair bays to smart security systems. Each device represents a potential entry point for cyber attackers into a dealership’s network. The problem is that IoT devices often lack standardization or a security-first design, exposing them to vulnerabilities that savvy hackers use as entry points to dealership networks.  

Improving Automotive Cybersecurity

Aside from the standard steps like improving training and awareness programs, segmenting the network, and applying software updates on time, dealerships can also strengthen cybersecurity with outsourced security services customized for the automotive industry. At Nuspire, our service offerings for auto dealerships include incident readiness to help put incident response plans into practice and limit the damage from attacks, advanced threat hunting, and managed detection and response  

Contact us today to find out more.  

Have you registered for our next event?