VicOne Inc.
VicOne releases “2023 Automotive Cybersecurity Threat Trends” report A detailed explanation of the ever-evolving cyber threats targeting the automotive industry, predictions for effective security
strategies, etc. In the first half of 2023, losses due to cyber attacks soared to over $11 billion worldwide, targeting the entire supply chain
……
VicOne (Shibuya-ku, Tokyo, CEO: Max) is a subsidiary of Trend Micro Corporation (Shibuya-ku, Tokyo, CEO: Eva Chen) and is a leading company in the automotive cybersecurity field. On December 5, 2023, Chen) announced the launch of the “2023 Automotive Cybersecurity Threat Trends” report. This comprehensive report is based on data from vehicle manufacturers (OEMs), suppliers and dealers around the world and details:
●As the use and monetization of vehicle data increases, the associated threat of misuse by cybercriminals
●Automotive cyber threat trends and examples that will occur in 2023 ●Prospects of focus areas for effective cybersecurity strategies beyond 2024 Below, we will explain the significance of VicOne’s 2023 Automotive Cybersecurity Threat Trends report and introduce some of the latest automotive cybersecurity trends revealed by the report.
If you would like to view the full report, you can download it here. https://vicone.com/jp/reports/automotive-cybersecurity-report-2023
In response, the promotion of autonomous driving has been cited as one of the major pillars of countermeasures, as well as improving the wage level of drivers and improving the efficiency of logistics, and public and private sectors are conducting demonstration experiments on expressways. I am.
As these efforts progress over the medium term, it is predicted that the improved cybersecurity of connected cars will become even more prominent in society in Japan as well. This report has been researched with the hope that it will help not only people working in the automobile industry and related industries, but also think about future global trends and the future of automobiles, one of Japan’s representative industries. Edited.
In the first half of 2023, losses due to cyberattacks will soar to over $11 billion worldwide, targeting the entire supply chain The 2023 Automotive Cybersecurity Threat Trends report states, “According to our threat analysis, losses from cyberattacks exceeded $11 billion globally in the first half of this year, an unprecedented jump compared to the previous two years.” It has become clear that it was recorded.”
Furthermore, “Detailed investigation reveals that these cyberattacks primarily target automobiles and suppliers, and this trend is increasing. Most notably, more than 90% of these attacks The target was not the OEM itself, but other companies in the supply chain. Attackers have a harder time breaking into well-protected companies, so they tend to target companies that are less vigilant. However, supply chain disruptions will impact OEMs as well.
As a result, defending against cyberattacks should go beyond protecting a single company and extend to strengthening the entire supply chain.”
[Image
Identification of the most commonly reported vulnerabilities in cyber attacks on vehicle data
This report identifies the major vulnerabilities that can put vehicle data at risk and summarizes them in a table as a Common Vulnerability Enumeration (CWE). As a result, vulnerabilities such as out-of-bounds write (OOBW), out-of-bounds read (OOBR), buffer overflow,
use-after-free, and improper input validation were shown to be the most frequently reported by VicOne. Many of these vulnerabilities have been discovered in chipsets and systems-on-chips (SoCs), as well as vulnerabilities in third-party management applications and in-vehicle infotainment (IVI) systems. A growing number of attacks are targeting third-party suppliers, including logistics providers, service providers, and companies involved in the production of parts and accessories.
Latest/Important Cases of 2023: Vulnerability Zenbleed
Additionally, this report includes research on important cases confirmed in 2023, including the Zenbleed vulnerability. If exploited, this vulnerability could leak sensitive information at a rate of 30kb per second per core. In addition, injecting malicious messages and commands into CAN (Controller Area Network) bus systems is a popular method among vehicle attackers, as well as exploiting vulnerabilities in telematics systems and application programming interfaces (APIs). There are also ways to infiltrate back-end cloud infrastructure. The report also explores the cybersecurity issues associated with the increasing complexity of vehicles and the integration of connectivity, automation, and advanced driver assistance systems (ADAS).
Additionally, the industry is seeing increased losses due to cyber-attacks such as ransomware, data breaches, and identity theft, as well as costs associated with system downtime. The loss
calculations presented in this report are based on tangible costs related to technology and operations, rather than intangible costs such as branding, public relations, sales, and marketing costs. Additionally, it notes that there are currently regulatory gaps regarding vehicle data, while also pointing out that the United Nations motor vehicle regulation UN R155 will mandate safety standards for new cars by July 2024. .
VicOne CEO Max Chen comments:
“The automotive industry should prioritize cybersecurity more from a resource and budget perspective. This requires continuous process building, organizational strengthening, skills development, and system-wide improvement. Without these, cybersecurity cannot be effectively implemented.
Now is the time for companies and organizations in the global automotive industry to get serious about building their capabilities in the critical areas identified in this report. ”
You can download “2023 Automotive Cybersecurity Threat Trends” here. https://vicone.com/jp/reports/automotive-cybersecurity-report-2023 About VicOne
With a vision to protect the cars of the future, VicOne provides a wide range of cybersecurity software and services for the automotive industry. Developed to meet the demanding demands of automakers, each VicOne solution is designed to match, secure, and scale the advanced security needs of modern vehicles. VicOne is a subsidiary of Trend Micro and is based on Trend Micro’s cybersecurity technology developed over more than 30 years. This provides unparalleled automotive protection and deep security insights to help customers develop safe and smart vehicles.
For more information, please visit www.vicone.com.
■Reference: Current VicOne partner Japanese companies
・Fujitsu: Collaboration to realize high value-added VSOC services ・Tier Four: Collaboration to realize secure automated driving ・Hitachi Astemo: Collaboration and collaboration on security solutions for connected cars
・Panasonic Automotive: Joint development of virtualization security for next-generation cockpit systems
[Japanese corporation name] VicOne Corporation (English name: VicOne Corporation)
[Global Representative] CEO Max Chen
[Japanese corporate officers] Chairman Mahendra Negi, Max Chen, etc. [Establishment date (Taiwan)] June 2022
[Establishment date (Japan)] June 2023 (registration month)
[Number of employees (global)] Approximately 100 people
[Head office location] JR Shinjuku Miraina Tower, 4-1-6 Shinjuku, Shinjuku-ku, Tokyo, Japan
[Business description] Cyber security solutions for automobiles