VicOne: Auto Cyberattack Losses Hit Billions Amid Rising AI, EV & Dark Web Threats

VicOne, a leading automotive cybersecurity solutions provider, has released an in-depth analysis highlighting serious concerns for the global automotive industry in 2025. Despite some success in cybersecurity law enforcement over the past year, the landscape of automotive cybersecurity is rapidly evolving, presenting new challenges and vulnerabilities that require immediate attention. The report, “Shifting Gears: VicOne 2025 Automotive Cybersecurity Report,” is available for download and provides key insights into the emerging trends and data points shaping the industry.

Rising Costs and Threats from Cyberattacks

Between 2022 and 2024, cyberattacks targeting the automotive sector resulted in estimated damages amounting to tens of billions of dollars. These attacks primarily stemmed from ransomware, data breaches, and operational disruptions, demonstrating a substantial increase in both frequency and sophistication. The cost of such breaches extends beyond direct financial losses, impacting customer trust, supply chains, and overall market stability.

Escalating Automotive Vulnerabilities

Automotive vulnerabilities reached an all-time high in 2024. More than 77 percent of these vulnerabilities were found in onboard or in-vehicle systems, highlighting a growing security gap. With the continuous integration of smart features and connectivity in vehicles, fresh challenges are emerging in critical areas such as electric vehicle (EV) charging infrastructure, operating systems, and fleet management systems. The sheer complexity of modern vehicles is contributing to an expanding attack surface, making it more difficult for automakers to mitigate risks effectively.

The Double-Edged Sword of AI in Automotive Cybersecurity

Artificial intelligence (AI) is revolutionizing the automotive industry by enhancing in-car features, operational efficiency, and user experience. However, it also introduces new risks such as prompt injection, adversarial attacks, and compromised training data that challenge traditional security models. The increasing reliance on AI-driven decision-making in vehicles makes them more susceptible to manipulation, raising concerns about data integrity and safety in self-driving systems.

EV Adoption and Cybersecurity Risks

The rapid adoption of electric vehicles has unveiled significant security weaknesses in charging infrastructure. Insecure payment protocols, outdated communication standards, and vulnerabilities in charging station networks pose potential risks to both vehicles and power grids. Attackers targeting these weak points could cause large-scale disruptions, impacting not only individual EV owners but also critical energy infrastructure.

The Dark Web and Automotive Cybercrime

Cybercriminals are leveraging dark-web forums and marketplaces to trade sophisticated exploit techniques, stolen vehicle data, and hacking tools. The underground economy for automotive cybersecurity threats is thriving, making it easier for malicious actors to orchestrate large-scale attacks. Manufacturers and consumers alike must remain vigilant as these underground networks continue to evolve.

The Growing Threat of Supply Chain Attacks

A total of 215 automotive cybersecurity incidents were recorded in 2024, underscoring the persistent threat to the industry. Cloud and backend vulnerabilities remained the primary attack vectors, often involving ransomware, data breaches, and social engineering tactics. Vehicle hijacking, supply-chain vulnerabilities, keyless entry exploits, and over-the-air (OTA) system attacks further exemplify the complexity of threats faced by automakers today.

Supply-chain attacks have become increasingly intricate, with cybercriminals specifically targeting suppliers and third-party component providers. In June 2024, a ransomware attack on a dealership software provider disrupted operations at over 15,000 North American dealerships, highlighting the devastating impact such breaches can have on the industry.

A Surge in Automotive Vulnerabilities

The total number of automotive-related vulnerabilities (CVEs) published in 2024 reached 530, marking another record-breaking year. This sharp increase reflects the rapid expansion of the automotive attack surface and the growing complexity of vehicle systems. Vulnerabilities have shifted from being primarily chipset-related to affecting in-vehicle infotainment (IVI) platforms, operating systems, and EV-charging infrastructure.

Notably, at the world’s largest zero-day vulnerability discovery contest, Pwn2Own Automotive 2025, held at Automotive World in Tokyo from January 22-24, 2025, top-tier security researchers from 13 countries uncovered 49 unique zero-day vulnerabilities. Most of these vulnerabilities were found in IVI and EV-charging systems, underscoring the urgent need for improved security measures in these areas.

AI-Driven Risks in Transportation

The increasing adoption of AI in transportation introduces a range of operational, financial, and strategic risks. A September 2024 U.S. Department of Transportation white paper, “Understanding AI Risks in Transportation,” warned that AI-enabled systems are susceptible to misuse and abuse throughout their lifecycle. Factors such as over- or under-utilization, operation outside intended parameters, and malicious interventions contribute to these risks.

Large language models (LLMs), a key component of generative AI, present an attractive target for cybercriminals due to their dependence on critical enterprise data and self-learning capabilities. Operational risks such as insecure plugin designs, improper output handling, and adversarial attacks pose significant challenges. In addition, automakers must navigate strategic risks (such as governance shifts) and financial risks (liability concerns and brand reputation management) in the adoption of AI-powered solutions.

Safeguarding the Future of Connected Mobility

To address the pressing cybersecurity challenges in the sector, a proactive, multilayered approach is essential. As Max Cheng, CEO of VicOne, emphasizes: “We are amid a transformative era of mobility, as innovations such as AI help makers differentiate their vehicles, accelerate time to market, and enhance customer experience. A proactive, multilayered approach to cybersecurity across all levels of the supply chain will help the automotive industry stay ahead of evolving threats and thrive in pursuing the unprecedented opportunities ahead.”

Automakers, suppliers, and cybersecurity professionals must work collaboratively to strengthen defenses and secure the future of connected mobility. Strategies such as implementing robust encryption, securing OTA updates, conducting regular security audits, and enhancing employee training can significantly reduce risks.

Source Link