A report from a leading cybersecurity leader reveals that 60 percent of cyber incidents could affect thousands to millions of connected vehicles, with massive-scale attacks more than tripling.
Upstream Security recently released the 2025 Automotive & Smart Mobility Cybersecurity Report, an annual report that highlights despite the increased regulatory attention, the number, scale, and severity of cyber attacks continues to grow, showing a false sense of security and resilience.
Massive-scale incidents—each impacting millions of vehicles—more than tripled, rising to 19 percent in 2024 from five percent in 2023. This sharp increase highlights the urgent need for organizations to prioritize resilience by extending their cybersecurity efforts beyond regulatory compliance.
Attacks on the Rise
Among the key finding of the report was 409 new documented incidents—up from 295 in 2023—contributing to a total of 1,877 documented cases since 2010. That rise in incidents is largely attributed to a sharp escalation in ransomware attacks targeting the mobility sector
Data and privacy-related incidents accounted for 60 percent of 2024 incidents, up 20 percent from 2023 with the percentage of incidents involving car system manipulation and control of vehicle systems increased dramatically, accounting for over 35 percent of incidents.
“The cybersecurity landscape across the automotive and smart mobility ecosystem is poised to become more complex than ever,” said Yoav Levy, CEO and co-founder of Upstream in a statement with the release with the report. “Cyber threats are evolving faster than the industry is prepared to handle, outpacing regulation-driven measures.
June Ransomware Attack
Upstream officials point to the rise of software-defined and autonomous vehicles has introduced new vulnerabilities, leading to a widening cybersecurity gap. Critical infrastructure in smart mobility devices, like EV chargers and fleet management systems, has expanded the attack surface and magnified the stakes.
Notably, mobility-specific ransomware attacks surged in 2024 causing unprecedented disruptions with 108 reported ransom attacks and 214 data breaches. Officials said this was highlighted by the ransomware attack in June on CDK, used by 15,000 automotive dealerships which resulted in halted operations for nearly three weeks with estimating losses at $1.02 billion.
Profile of Attackers
Last year, Upstream found cyberattacks became more sophisticated and frequent, targeting vehicles and backend systems, as well as smart mobility platforms, devices, and applications. Among the notable characteristics of these attacks include:
- 65 percent of publicly reported cyber incidents were carried out by black hat actors with malicious intent.
- 92 percent of attacks were executed remotely, supporting the surge in scale and impact
- Of that 92 percent, 85 percent were long-range and did not require any physical proximity to the targeted asset.
Additionally, there was a significant surge in telematics and application server attacks in 2024— rising to 66 percent from 43 percent a year earlier.
Dark Web Danger
The company’s AutoThreat team monitors the deep and dark web for threat actors targeting connected vehicles, mobility applications and devices. In charting deep and dark web activities carried out by black hat hackers, 70 percent activities had the potential to impact thousands to millions of mobility assets and over 76 percent targeted multiple stakeholders and had a global reach, according to the authors of the report.
“Actors have already shifted toward large-scale, sophisticated and AI-powered attack methods, targeting not only vehicles but also interconnected systems such as EV charging infrastructure, API-driven apps, and smart mobility IoT devices,” said Levy. “This growing attack surface demands a transformative and proactive approach to cybersecurity.”
