Automotive - Red Sky Alliance
2024-03-29T13:01:53Z
https://redskyalliance.org/automotive/feed/all

Auto Loan Fraud
https://redskyalliance.org/automotive/auto-loan-fraud
2024-03-08T14:30:00.000Z
2024-03-08T14:30:00.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p><a href="{{#staticFileLink}}12398074465,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12398074465,RESIZE_400x{{/staticFileLink}}" alt="12398074465?profile=RESIZE_400x" width="250" /></a>With the automotive industry facing an unprecedented surge in loan fraud, dealerships are finding themselves at the front lines of a growing battle against sophisticated crime syndicates. In the early months of 2023, the creation of manufactured identities allowed fraudsters access to a staggering $1.8 billion in automotive loan credit, a significant leap from $869 million in the same timeframe in 2021. This escalation has not only highlighted the evolving threat landscape but has also prompted a rapid development in fraud protection technologies by leading companies like Experian, Equifax, Cox Automotive, and 700 Credit.<a href="#_ftn1">[1]</a></p>
<p>Understanding the Threat: Synthetic Identities - Synthetic identities pose a major challenge to the automotive finance market. By combining real information such as names, addresses, and Social Security numbers from various sources, criminals are able to create fake personas that appear creditworthy on paper. These fabricated identities are the tools of choice for sophisticated crime syndicates, which have grown both in numbers and in the complexity of their operations over the past two years. The vehicles purchased under these false pretenses often end up being shipped across international borders, complicating efforts to track and apprehend those responsible.</p>
<p>Spotting the Red Flags - Dealerships are on the frontline of detecting potential fraud, with several indicators that can signal a fraudulent transaction. Unusual behaviors, such as a customer's willingness to purchase every available add-on without hesitation, the absence of a driver's license, or a phone number that doesn't match the provided Social Security number, can all be red flags. However, recognizing these signs requires a vigilant and well-trained dealership staff, capable of distinguishing between legitimate customers and fraudsters who often present themselves with seemingly good credit profiles.</p>
<p>Combating Fraud with <u>Technology and Training</u> - In response to the rising tide of automotive loan fraud, several finance companies have unveiled advanced tools aimed at helping dealerships safeguard against deceitful practices. Innovations like 700 Credit's driver's license mobile verification scanner and Experian's Fraud Protect identity verification process represent critical steps forward in the fight against fraud. Yet, technology alone is not enough; comprehensive staff training is essential to ensure that dealership employees are not only aware of the potential for fraud but are also equipped to act on the digital tools' warnings. As the industry continues to grapple with this issue, the balance between sales goals and fraud prevention remains a pivotal focus for dealerships nationwide.</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: https://www.redskyalliance.org/</li>
<li>Website: https://www.redskyalliance.com/</li>
<li>LinkedIn: https://www.linkedin.com/company/64265941</li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://bnnbreaking.com/finance-nav/business/rise-in-auto-loan-fraud-dealers-face-18-billion-threat-in-2023">https://bnnbreaking.com/finance-nav/business/rise-in-auto-loan-fraud-dealers-face-18-billion-threat-in-2023</a></p></div>

EV Worries
https://redskyalliance.org/automotive/ev-worries
2024-02-20T17:15:00.000Z
2024-02-20T17:15:00.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p><a href="{{#staticFileLink}}12385254297,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12385254297,RESIZE_400x{{/staticFileLink}}" alt="12385254297?profile=RESIZE_400x" width="250" /></a>As we enter the age of the software-defined automobile, especially those with electric drivetrains, we’re facing unprecedented risk from cyberattacks, say a wide coterie of experts. According to the Israel-based Upstream firm, from 2019 to 2023 disclosed cybersecurity incidents in the automotive and mobility space increased by more than 50%, with 295 such occurrences in 2023. Some 64% of these attacks were executed by “bad hat actors” with malevolent intent, the report said. And 65% of deep and dark web cyber activities last year “had the potential to impact thousands to millions of mobility assets.”<a href="#_ftn1">[1]</a> The vice president of marketing at Upstream, which has an office in Ann Arbor, Michigan, said attacks could potentially cost automakers millions of dollars.</p>
<p>Privacy Is Sorely Lacking in Modern Vehicles - “The smarter a vehicle, the more vulnerable it is,” she said. “A single incident could cause a lot of damage to an OEM. Over-the-air updates could fix the vulnerability, but that would cost millions, too. The vast majority of these assaults are from non-governmental sources, folks trying to make money. Terrorism isn’t a dominating motivation.”</p>
<p>A senior research analyst for EVs and mobility at Guidehouse Insights said the overall cybersecurity threat underscores how automakers need to adapt as cars become more connected. “I think they’re aware of it and design systems to mitigate the dangers, but the threat is real,” he said. “And the risk is that, unlike a data leak or a bricked phone or laptop, even a minor car hack can be hugely disruptive to people’s lives.”</p>
<p>An irony is that artificial intelligence cuts both ways when automotive cybersecurity is at issue. “AI has been an increasingly popular topic on the dark web, and the bad actors are learning from it,” said a researcher. “But it can also be used positively to investigate alerts and perform triage.”</p>
<p>For EVs, the connected charging network is a target. Last year, the National Institute of Standards and Technology (NIST) prepared a draft guidance that called on companies deploying fast chargers to secure their digital payment systems.</p>
<p>The government’s report said that in 2023, the US had more than 48,000 public charging stations, and they “connect and communicate with cloud providers and third-party vendors for EVSE location information, billing and other services.”</p>
<p>In 2021, Ukrainian hackers broke into Russia’s biggest EV charging network. And that’s a vulnerability, along with the utilities that provide the power. The interface between the EV and the charging station via the cloud “presents a potential attack surface for malicious actors to cause damage,” NIST said.</p>
<p>A 2023 paper on cybersecurity risks notes that because a public charging station “is connected into the grid and takes the necessary power from it, it poses a significant threat to the reliability and safety of the power supply.” The cyberattacks are not just theoretical. Video shows a hacker freely manipulating an Electrify America (EA) station. A technology spokesman for EA told Autoweek, “Electrify America is constantly monitoring and reinforcing measures to protect ourselves and our customers and focusing on risk-mitigating station and network design. That video is from January of 2023 and was an isolated incident resulting in unauthorized access at the charger level. Access was limited to the charger, and did not, and could not, extend to the network as such. We took immediate steps to address the situation. The access point was closed and secured immediately.”</p>
<p>As WardsAuto reported, in 2022 the charging network on the Isle of Wight in the UK was penetrated to the extent that the chargers’ screens displayed pornography. And in 2021, Ukrainian hackers broke into Russia’s biggest EV charging network and claimed to have stolen 900 gigabytes of data from it.</p>
<p>Britain’s Royal United Services Institute (RUSI) think tank, engaged in security research, said “the proliferation of EV charging stations and related devices being connected to the grid is widening the attack surface.”</p>
<p>Does EV charging represent an invitation to hackers? It’s not all EV charging. In 2023 Ferrari said its Italian subsidiary Ferrari SPA was contacted by a threat actor with a ransom demand “related to certain client contact details.” The company said then, “As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks.”</p>
<p>According to Automotive News Europe, “Ferrari plans to make 80% of its cars battery electric-powered by 2030. These EV offerings are likely to become even more software-dependent and Internet-connected in the coming years, possibly providing more avenues for cyberattacks.”</p>
<p>Sandia National Laboratories raised concerns about cyberattacks through the charging network in 2022. Its report noted that the complexity and size of charging connections raise concerns “that bad cyber actors could use insecure chargers as an unauthorized access point to abuse charging equipment, vehicles, buildings, or grid resources. Each of these systems represents a set of interconnected attack vectors. EVs, for example, interface with dealerships, mobile phones, navigation, mapping, telemetry, entertainment, vehicle-based web browsers, other vehicles, driver assist systems, over-the-air software updates, and more.”</p>
<p>Sandia’s hands-on investigation was thorough. Multiple trap-door entry points were found, with fairly technical explanations: “The processes were running as root, and stored passwords could be cracked ‘in a reasonable amount of time’ because of weak hashing,” the report said. These and other warnings led automakers to band together. “An attack on one is an attack on all,” said the Automotive Information Sharing and Analysis Center (Auto-ISAC). It’s a manufacturer-driven effort “to share and analyze intelligence about emerging cybersecurity risks to the vehicle, and to collectively enhance vehicle cybersecurity capabilities across the global automotive industry.”</p>
<p>Cyber threats targeting your car - Auto-ISAC has developed a series of best practices for automakers to deal with attacks. “Proactive cybersecurity through the detection of threats, vulnerabilities and incidents empowers automakers to mitigate associated risk and consequences,” the organization said. “Threat detection processes raise awareness of suspicious activity, enabling proactive remediation and recovery activities.” Auto-ISAC members include BMW, Ford, GM, Honda, Hyundai/Kia, Lucid, Mercedes-Benz, Mazda, Stellantis, Toyota, Subaru, and Volvo.</p>
<p>Progress is being made, the group said. The Auto-ISAC’s executive director told Autoweek, in reference to the Upstream report, “While the statistics may paint a sobering picture of increased cyberattacks, it’s crucial to recognize the proactive measures being taken by automakers to mitigate these risks. By leveraging the collective intelligence and vigilance fostered by initiatives like the Auto-ISAC, the industry is steadfast in its commitment to safeguarding vehicles and ensuring the safety and security of consumers worldwide.”</p>
<p>Cybersecurity Is the Auto Industry’s Weak Point - The Alliance for Automotive Innovation, representing carmakers, said cybersecurity is a top priority, with vulnerabilities that can come in through the Internet, through wireless connectivity and charging ports. “Because these are items outside the control of the auto industry,” the Alliance said, “we’ve been supportive of a multi-stakeholder, public/private approach to EV charging that outlines clear cybersecurity roles and responsibilities for charging operators to protect against cyber threats.”</p>
<p>The automakers’ group said federal agencies, state transportation agencies, and the organizations developing standards all have to be at the table to “ensure EV charging is cybersecure.”</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.autoweek.com/news/a46857624/cyberattacks-on-electric-vehicles-and-chargers/">https://www.autoweek.com/news/a46857624/cyberattacks-on-electric-vehicles-and-chargers/</a></p></div>

Ghost Cars in Texas
https://redskyalliance.org/automotive/ghost-cars-in-texas
2024-02-07T15:12:21.000Z
2024-02-07T15:12:21.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p><a href="{{#staticFileLink}}12374286064,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12374286064,RESIZE_400x{{/staticFileLink}}" alt="12374286064?profile=RESIZE_400x" width="250" /></a>A Houston woman is going to prison for her role in an elaborate scheme that included hundreds of thousands of fake paper license plates. Leidy Hernandez Lopez, 43, pleaded guilty to buying and selling fraudulent Texas-issued temporary buyer tags for cars in and outside of Texas.<a href="#_ftn1">[1]</a></p>
<p>Earlier this week, a US District Judge ordered Lopez to serve 30 months in federal prison followed by three years of supervised release. The court also ordered Hernandez Lopez to pay restitution to the Texas Department of Motor Vehicles in the amount of $316,820. The feds say the fake tags are often used by criminals to avoid getting caught. “The harm in this case was more than monetary,” the Texas US Attorney said, “in selling fake vehicle tags to other sellers, Lopez provided criminals with the means to create ghost cars that were invisible to law enforcement.”</p>
<p>The US Attorney’s office explained that some tags were used in violent crimes, including drive-by shootings.</p>
<p>The illegal tags also pose a danger to the public and law enforcement because purchasers use them to avoid obtaining registration, safety inspections and liability insurance.</p>
<p>Forge of Empires - The feds say Hernandez Lopez and her partners created phony online car dealerships to issue and sell the tags to buyers throughout the United States. They advertised the fake tags on Facebook and Instagram, according to investigators.</p>
<p>In June 2022, alleged co-conspirator Daniel Rocky Christine-Tani, 33, from Sugar Land, was charged with multiple counts of conspiracy and wire fraud. Christine-Tani and Octavian Ocasio were also arrested and charged in connection with the scheme.</p>
<p>Emmanuel Padilla Reyes, 32, aka Christian Hernandez Bonilla or Noel Rivera, is a wanted fugitive charged in the case. His last known address was in Houston.</p>
<p>Moral of the story – get your license plates from your state DMV, unless you want to end up in federal prison. </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.msn.com/en-us/news/other/houston-woman-sentenced-for-selling-hundreds-of-thousands-of-illegal-paper-tags/ar-BB1hPP41">https://www.msn.com/en-us/news/other/houston-woman-sentenced-for-selling-hundreds-of-thousands-of-illegal-paper-tags/ar-BB1hPP41</a></p></div>

Hacking Your New Car
https://redskyalliance.org/automotive/hacking-your-new-car
2023-08-19T14:00:00.000Z
2023-08-19T14:00:00.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p><a href="{{#staticFileLink}}12199344262,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12199344262,RESIZE_400x{{/staticFileLink}}" alt="12199344262?profile=RESIZE_400x" width="250" /></a>Picture driving down the highway in your brand-new car when suddenly your brakes slam, your engine turns off and your doors lock. What the heck is going on? After you recover from hitting your head on the steering wheel, you think, “all I wanted was a nice new car, so I can hit the campaign trail in running for our open Congressional seat.” Chances are a hacker has remotely taken control of your car.</p>
<p>Preventing this hypothetical scenario is a focus of all automakers, as modern-day cars are mobile computers often connected to the Internet. As cars become loaded with computerized parts, they also become vulnerable to cyberattacks and privacy leaks, at least to a degree.<a href="#_ftn1">[1]</a></p>
<p>Professional "good guy" hackers demonstrated that they could attack computerized technology in cars as recently as this spring, when French security business Synacktiv proved that it could hack the infotainment system of a leading electric vehicle at the annual Pwn2Own computer hacking competition.</p>
<p>This cybersecurity sector is becoming more of a focal point for research, particularly as advancements in artificial intelligence (AI) make their way into the auto industry. "If you have a classic car with almost zero computers, then there is almost no chance someone can remotely take control of your car. But now, with advancement and widespread integration of computing devices in modern cars, we are thinking about things differently," said M. Hadi Amini, an assistant professor at the Knight Foundation School of Computing and Information Sciences at FIU's College of Engineering and Computing.</p>
<p>Amini is an expert in developing machine learning, AI and optimization algorithms and tailoring them towards real world applications, including health care, homeland security and infrastructure resilience. He researches how to integrate AI into complex systems while considering cyber, physical and societal perspectives at the Sustainability, Optimization, and Learning for InterDependent networks laboratory (solid lab). Amini is leading the university's investigation of AI for the National Center for Transportation Cybersecurity and Resiliency, which is funded by the US Department of Transportation.</p>
<p>The potential of AI in vehicles is seemingly great—already, some drivers are using the technology to operate their vehicles semi-autonomously—but the technology also brings new challenges.</p>
<p>One of the key focuses is the storage of drivers' information. AI needs your data to make smarter decisions. So, Amini is looking into whether or not someone's personal information might be vulnerable if a car is hacked.</p>
<p>According to the Federal Trade Commission, a car's electronic system might store:</p>
<ul>
<li>Phone contacts</li>
<li>Mobile app log-in information</li>
<li>Location data</li>
<li>Garage door codes</li>
</ul>
<p>So a major cybersecurity concern for the auto industry arises. If the central server of a network of cars gets hacked, would that mean every driver's personal information in that network is up for grabs? "Privacy is the first of many challenges we will face in applying classic AI algorithms to vehicles," Amini said. "Drivers of autonomous vehicles will want to use AI to help their cars perform better. The question is, how will drivers ensure that their data stays private while automakers use that data to improve vehicle performance? If we are able to implement AI in a responsible, privacy-preserving and secure way, then we might be able to have more control over these attacks."</p>
<p>The algorithms that power artificial intelligence are hungry for data, Amini explained. They become good at what they do by having a lot of examples to learn from. But all this learning must take place somewhere. It needs to be computed. This often happens at a centralized, high-powered server.</p>
<p>Amini is exploring a way to use AI without having to ask all the drivers in a network to share their data to a central location. He is researching a more decentralized form of AI which would not rely as much on one central server. Instead, many of the computing and learning responsibilities would be left up to individual cars. Cars would digest data on their own and come up with suggestions to improve their algorithms. These suggestions, which would not contain raw data, would then be transmitted to servers that help improve the overall algorithm for all the devices in a network. The result: an AI network that is more difficult to steal personal information from.</p>
<p>Amini has been studying this form of AI and computing algorithms like it for about a decade. Today, this type of AI is best known as federated learning, a name that Google coined in 2016. This style of AI has the potential to not only protect drivers' privacy, but also enable more efficient and scalable computing with an increasing number of cars, Amini said. "In centralized machine learning, if we lose the power to the central server during an attack or a natural disaster, then the entire system will fail. But when we are operating in distributed machine learning, the rest of the system can operate and continue functioning for some time by relying on local data," Amini said.</p>
<p>While no computerized system is ever 100% secure, Amini added, the research into federated learning provides a promising pathway for automakers to capitalize on advances in AI while protecting the personal information of drivers and ensuring the secure operation of transportation systems against cyberattacks.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://techxplore.com/news/2023-08-self-driving-car-privacy-cyberhackers-age.html">https://techxplore.com/news/2023-08-self-driving-car-privacy-cyberhackers-age.html</a></p></div>

Automobile Cyber Security
https://redskyalliance.org/automotive/automobile-cyber-security-1
2023-05-08T15:39:56.000Z
2023-05-08T15:39:56.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p><a href="{{#staticFileLink}}11072914671,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}11072914671,RESIZE_400x{{/staticFileLink}}" width="250" alt="11072914671?profile=RESIZE_400x" /></a>With hundreds of thousands of dollars on the line at the Pwn2Own Hacking Competition, a group of hackers from Synacktiv, an offensive security company, had quite the incentive to display the cybersecurity weaknesses of Tesla's Model 3. Tesla, a company famous for its lack of public relations but also for its technology, actually volunteered the Model 3 for this hacking test, in an effort to explore just how vulnerable modern cars are. And the short answer is that all cars, even Teslas, are generally vulnerable.</p>
<p>The team at Synacktiv was able to compromise the Model 3's infotainment through Bluetooth, ultimately gaining access to the top level of internal code. Everything besides the Autopilot system was available for hackers to disrupt remotely. This involuntary adjustment of lighting, maps, and music may seem minor for roadway safety, but it sets a dangerous precedent for the future of connected cars.<a href="#_ftn1">[1]</a></p>
<p><em><a href="{{#staticFileLink}}11072914499,RESIZE_1200x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}11072914499,RESIZE_584x{{/staticFileLink}}" width="500" alt="11072914499?profile=RESIZE_584x" /></a>Tesla full self-driving option</em></p>
<p>TESLA - Tesla's participation should be cautiously praised for furthering automotive cybersecurity prowess, though the company isn't exactly known for keeping its customers' data safe. A new privacy breach lawsuit against Tesla has illuminated a lack of virtual safety even from within, and consumers are starting to catch on to a new venue of cybersecurity considerations. Of course, cars aren't just a frame, an engine, and wheels anymore but rather a system of electrical systems.</p>
<p>But if other OEMs are at a similar risk of penetration, should consumers spend their waking hours worrying about the cybersecurity of their vehicles? Is their personal information safe? And will a compromised navigation system drive them into nearby bodies of water?</p>
<p>Dustin Childs, head of Threat Awareness, Zero Day Initiative at Trend Micro, says consumers shouldn't panic about these issues, mostly because they can't do much about it alone. However, Childs says cybersecurity is set to be a defining factor for the auto industry, as manufacturers develop new infotainment and tech features at a rapid pace.</p>
<p><em><a href="{{#staticFileLink}}11072915266,RESIZE_1200x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}11072915266,RESIZE_584x{{/staticFileLink}}" width="500" alt="11072915266?profile=RESIZE_584x" /></a>Navigation device</em></p>
<p>"In the next five to 10 years, we will see something big in automotive security that happens and hopefully it's just a big recall. It's more likely than not that something will happen very negatively when it comes to automotive technology," Childs tells Autoweek in an interview.</p>
<p>The systems at risk will vary by vehicle and the kind of threat, though a few key features are of particular interest to both sides of the cybersecurity spectrum. As most modern vehicles feature advanced driver-assistance systems and even some semi-autonomous capabilities, experts' worst fear is that bad actors will maliciously disrupt the movement of a vehicle.</p>
<p>This problem may be exacerbated by the slow shift away from hydraulically connected vehicle controls, as computer-operated drive-by-wire style controls could be more susceptible to remote attacks. The infiltration of navigation systems even poses a significant risk for stalking and targeted theft. Of course, your personal data and information are always at risk, and a connected vehicle provides yet another entry point.</p>
<p>Alternatively, there are some gray-area reasons for hacking into the infotainment of your vehicle. For example, Childs says subscription-based features like heated seats or certain screen functions could be easily jail-broken, allowing consumers to skirt monthly payments for already installed features. This could also allow for the integration of custom functions or displays from the infotainment screens, like those who stream videos from their Tesla.</p>
<p>In either case, these virtual intrusions pose a challenge for automakers, who are now tasked with creating a mechanically and technologically sound product. In order to build virtually secure vehicles, you need to understand how bad actors actually get in. And Childs says that Bluetooth, WiFi, and other external connections like charging ports are often to blame, given these systems are designed to connect with other devices. "Obviously, the systems need to talk to each other, but we need to make sure that it's the right systems giving the right messages, and there's not an opportunity for a threat actor to send the wrong messages and the wrong communications between the systems," Childs explains. "In a way, it's a bit like the Titanic, in that it was designed so that water could come in and then be stopped."</p>
<p><em><a href="{{#staticFileLink}}11072915092,RESIZE_710x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}11072915092,RESIZE_584x{{/staticFileLink}}" width="500" alt="11072915092?profile=RESIZE_584x" /></a>2023 Cadillac Lyriq interior</em></p>
<p>Childs says these kinds of infiltrations are happening now, and it will likely only get worse as cars get more advanced. The National Highway Traffic Safety Administration concurs as it has already recorded 1.4 million vehicles impacted by a 2015 cybersecurity recall. Furthermore, the federal agency issued a 24-page memo on best practices for automotive cybersecurity, with a primary focus on the mitigation of safety-critical risks and containing intruders.</p>
<p>Even so, manufacturers continue to roll out new, personalized tech features, in order to stay competitive in a fierce market. For example, Hyundai's Ioniq 6 will feature a Metaverse connection while the Polestar 3 and Volvo EX90 boast internal electronics from Nvidia, Luminar, and Qualcomm. All of these features make up the selling points of these models, whether for safety reasons or modern social media connectivity, but they might also offer an entry point for hackers too.</p>
<p>In fairness to every automotive manufacturer, it's obvious that cybersecurity is massively important, with many automakers employing specific cybersecurity engineering teams. And it's not a problem with a clean, easy solution either, given the complexity and mystery factor of potential future attacks. Despite this, Childs says he doesn't want consumers to be driven away from technology by fear, because it's not a bustling dark market just yet. "Really, more than anything else, it's profitability. Right now, there's no money in taking out these cars," Childs says. "If there comes a time where a threat actor can really figure out how to monetize their research, even in a negative light, then it's much more likely to pop out."</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com</p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></li>
</ul>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.autoweek.com/news/technology/a43554143/cybersecurity-auto-industry-hacking/">https://www.autoweek.com/news/technology/a43554143/cybersecurity-auto-industry-hacking/</a></p></div>Auto AI Security Technologyhttps://redskyalliance.org/automotive/auto-ai-security-technology2023-05-03T18:21:39.000Z2023-05-03T18:21:39.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}11063084701,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}11063084701,RESIZE_400x{{/staticFileLink}}" width="250" alt="11063084701?profile=RESIZE_400x" /></a>Auto dealers across the US are facing the highest vehicle theft rates in history and many are turning to AI security technology to stop these escalating attacks before more losses are incurred.</p>
<p>Auto theft is rising and nationwide surpassed one million stolen vehicles for the first time since 2008, according to statistics released by the National Insurance Crime Bureau (NICB) in March 2023. Parts were also pinpointed for black market resale: catalytic converter theft ticked up 1,200% over the last three years.</p>
<p>Thieves are becoming increasingly sophisticated and expanding their threat vectors. Now they are stealing cars through Controller Area Network (CAN) injection attacks, which inject code into headlights and target wiring for the auto’s electronic control units.<a href="#_ftn1">[1]</a></p>
<p>Liberty Buick-GMC in Matthews, NC is taking proactive steps to protect open-air assets with iDter commercial AI security technology from KEYper Systems, which in partnership with iDter uses AI technology to deter unwanted intrusion on the property. iDter uses AI and 4K ultra-high resolution camera technology embedded in Niō Guardian nodes located around the property to detect intrusion and take immediate and programmable deterrence actions.</p>
<p>Liberty Buick-GMC has 16 Niō Guardians installed around the outside of the dealership on buildings and light poles, along with a Niō Guardian to protect the KEYper key management solution inside the building. The owner said in one incident shortly after installation, unauthorized activity on the property was immediately confronted by the system and the person moved off the property, preventing possible theft or damage. “The combination of immediate detection and deterrence with live video monitoring provides a strong sense of security,” he said.</p>
<p>KEYper partnered with iDter last year in offering customers with the MX Electronic Key Management System its total intrusion deterrence and monitoring solution featuring Niō Guardians. The MX Key System provides key and asset management that leverages analytics, AI security technology and asset control.</p>
<p>Visibility is important to the dealership, which stays apprised of activity through notifications and can access video footage remotely to see what is happening at night and on weekends. “Knowing what is occurring on the property has great value to me,” the owner said.</p>
<p><a href="{{#staticFileLink}}11063085273,RESIZE_400x{{/staticFileLink}}"><img class="align-right" src="{{#staticFileLink}}11063085273,RESIZE_400x{{/staticFileLink}}" width="250" alt="11063085273?profile=RESIZE_400x" /></a>Niō Guardians are positioned around the protected premises to detect intrusion with a powerful high-resolution camera with wide-angle lens, multiple motion detectors, quad-core computer intelligence, omni-directional speakers, microphone and powerful LED lights for illumination and red/blue strobing. When a late-night intruder is detected, Niō activates an array of programmable deterrence measures, including instantaneous illumination of 10,000 lumens of multi-directional LED floodlights, blinding strobes of red and blue LEDs, piercing sirens, situation-appropriate voice-down warning messages and intimidating sound effects. During the early evening hours, Niō has welcoming messages explaining the dealership is closed: “Feel free to browse our inventory, we use lights and cameras for your safety and ours.”</p>
<p>Events are monitored in real time to ensure deterrence actions were successful, and if not, a video verified alarm is sent to a UL Listed, Five-Diamond Certified central station for dispatch of authorities through 911 operators.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.securitysales.com/news/ai-security-technology-stops-auto-thefts/">https://www.securitysales.com/news/ai-security-technology-stops-auto-thefts/</a></p></div>Synacktiv Wins, Tesla Loseshttps://redskyalliance.org/automotive/synactive-wins-tesla-loses2023-03-31T14:10:00.000Z2023-03-31T14:10:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}11003976854,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}11003976854,RESIZE_400x{{/staticFileLink}}" alt="11003976854?profile=RESIZE_400x" width="250" /></a>Tesla has been hacked at the Pwn2Own hacking event, and the hacking group has taken home a Tesla Model 3 and $100,000.</p>
<p>As electric vehicles and their significant amount of integrated software have become more common in everyday life, the security around them has become significantly more critical. In the worst-case scenario, a hacker could not only gain access to a car but could leak user data or even take control of the vehicle. Now, <a href="https://www.teslarati.com/tesla-model-3-returns-to-pwn2own-hacking-competition/">at the Pwn2Own hacking competition</a>, a group of hackers successfully hacked a Tesla Model 3 and won the vehicle along with a $100,000 prize.</p>
<p>The successful hack completed by the group Synacktiv was initially reported by the Zero Day Initiative Twitter account, which revealed that the group had used a TOCTOU exploit <a href="https://www.teslarati.com/teslas-are-susceptible-to-hacking-due-to-bluetooth-locks-cybersecurity-firm-says/">to gain access to the vehicle</a>. Thanks to the nature of the hacking competition, the details of how the hack was performed have not been made entirely public to avoid a security risk for Tesla owners. Still, the method the hackers used was relatively straightforward.</p>
<p>The TOCTOU (Time-Of-Check Time-Of-Use) exploit involves altering internal files to gain system access. In essence, the hackers are altering the files that a system will check to ensure someone actually should have access. This could, for example, involve changing login credentials to allow yourself access. However, as the name suggests, this is highly time-dependent, as it involves using the discrepancy of time between the system checking the files and a person being logged in.</p>
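<p>An added example, not part of the original article and not the Pwn2Own exploit (whose details are not public): a generic Python sketch of the TOCTOU pattern described above, showing the check-then-use flaw beside a hardened form that checks and uses the same bytes read from a single open file descriptor. The file name, its contents, and the <code>window</code> hook that stands in for a concurrent writer are all constructed for illustration.</p>

```python
import hashlib
import os
import stat
import tempfile


class IntegrityError(Exception):
    """Raised when file content does not match the expected digest."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def load_check_then_use(path, expected_digest, window=None):
    """Flawed pattern: the check and the use each resolve the path again."""
    # Time of check: first open, by name.
    with open(path, "rb") as f:
        if sha256_hex(f.read()) != expected_digest:
            raise IntegrityError("digest mismatch at check")
    # The gap between check and use. `window` is a test hook (an assumption
    # of this example) standing in for any concurrent writer to the directory.
    if window is not None:
        window()
    # Time of use: second open, by name. Nothing ties it to the checked bytes.
    with open(path, "rb") as f:
        return f.read()


def load_bound_to_descriptor(path, expected_digest, window=None):
    """Hardened pattern: open once, then verify and return the same bytes."""
    # O_NOFOLLOW (where available) refuses a symlink as the final component.
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags)
    with os.fdopen(fd, "rb") as f:
        # fstat() inspects the object we actually opened, not the name.
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise IntegrityError("not a regular file")
        if window is not None:
            window()
        data = f.read()
    # A descriptor pins the inode, not its content, so verify the bytes
    # that were read and hand exactly those bytes to the caller.
    if sha256_hex(data) != expected_digest:
        raise IntegrityError("digest mismatch")
    return data


def run_demo():
    """Drive both loaders through a deterministic check/use gap."""
    trusted = b"role=guest\n"   # constructed sample content
    swapped = b"role=admin\n"   # constructed sample content
    digest = sha256_hex(trusted)
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "access.conf")

        def reset():
            with open(path, "wb") as f:
                f.write(trusted)

        def swap_by_rename():
            # Replaces the directory entry; the old inode is left untouched.
            tmp = path + ".new"
            with open(tmp, "wb") as f:
                f.write(swapped)
            os.replace(tmp, path)

        def overwrite_in_place():
            # Rewrites the same inode the hardened loader already has open.
            with open(path, "wb") as f:
                f.write(swapped)

        reset()
        results["vulnerable"] = load_check_then_use(path, digest, swap_by_rename)
        reset()
        results["hardened_rename"] = load_bound_to_descriptor(
            path, digest, swap_by_rename)
        reset()
        try:
            load_bound_to_descriptor(path, digest, overwrite_in_place)
            results["hardened_inplace"] = "accepted"
        except IntegrityError:
            results["hardened_inplace"] = "rejected"
    return results


if __name__ == "__main__":
    print(run_demo())
```

<p>The flawed loader returns content that was never checked, while the hardened loader either returns the verified bytes or rejects the file. The rename case assumes POSIX semantics, where an open descriptor keeps referring to the original file.</p>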
<p><a href="https://www.teslarati.com/tesla-pwn2own-model-3-model-s/">Pwn2Own is one of the most famous hacking events</a> in the world. It involves teams of hackers attempting to gain access to some of the most popular software available on the market. Each group of hackers and security researchers will be given a list of devices and software and a series of objectives to achieve. The first team to navigate through the list gains a cash prize. In this case, for completing this step of the competition the quickest, the Synacktiv team won the Tesla Model 3 that they hacked.</p>
<p>With software becoming ever more interconnected with the vehicles we drive, focusing on keeping that software secure will only become more important as time passes. And with the increasing interconnectedness of these car systems, the consequences of not keeping these systems secure will only become more dire. Hopefully, automakers will take this threat seriously and continue to work <a href="https://www.teslarati.com/electrify-america-chargers-hacking-vulnerability-bug/">to keep their items as safe and secure as possible</a>.</p>
</div>Buying a Used Carhttps://redskyalliance.org/automotive/buying-a-used-car2023-03-04T16:30:00.000Z2023-03-04T16:30:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10977343090,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10977343090,RESIZE_400x{{/staticFileLink}}" alt="10977343090?profile=RESIZE_400x" width="250" /></a>Buying a used car has always been somewhat of a gamble. Things are much better than in the past, but sketchy dealers are still out there and prey on unsuspecting buyers. In the old days, rolling back the odometer was relatively easy. Laws were then created and “some” of that fraudulent practice slowed. Now everything is electronic and hacking the odometer is a bit trickier. Or is it?</p>
<p>The online car buying company, CarFax, shares some pointers about this type of used car sales fraud: “Many people think odometer fraud disappeared with the invention of digital odometers,” said the Public Relations Director for CARFAX. “But that couldn’t be further from the truth. We’re still seeing the number of vehicles on the road with a rolled back odometer rise year-over-year. It takes con artists a matter of minutes to wipe thousands and thousands of miles off a vehicle’s odometer, and unfortunately these swindlers likely see this unprecedented used car market as a way to make a quick buck.”<a href="#_ftn1">[1]</a></p>
<p>Related article: <u>CarFax Identifies 10 States that have the Most Vehicles with Rolled Back Odometers Scam</u><a href="#_ftn2">[2]</a>.</p>
<p>Old Tactics and Newer Tactics - Older tactics we have learned about on newer model cars with digital displays include the use of mechanics’ scan tools. These tools are meant for locating the source of a check engine light warning, but ne’er-do-wells discovered that they can also be used to reset error messages long enough to sell a vehicle to an unwitting buyer and, in some cases, even to change the odometer reading. There is also the common practice of going to a junkyard, finding a same-model car with low mileage that was totaled, and simply switching its display into another car with much higher actual mileage on it. The risk for the scammer is that these types of scams are often traceable when investigators look for a paper trail of service records to show that the numbers on a suspected car’s odometer and dated documents do not match.</p>
<p>Mileage Blockers - According to a recent CNBC news report about odometer fraud, criminal investigators are telling us that now, for a relatively cheap price, car swindlers can buy devices online that alter your mileage while you are driving. In other words, if you drove 100 miles one day, your odometer may report only 1/10 of that. This is especially lucrative for car lessees who scam dealerships by putting on more miles than the agreed-upon contract limits without incurring extra fees when the lease ends. These types of devices are referred to as “Mileage Blockers” and connect with your smartphone to instruct the car’s odometer what value the owner wants the odometer to read and/or when to stop recording mileage. What makes this especially insidious is that the owner can still provide a complete car service record history with bogus mileage that looks legit.</p>
<p>To learn more about odometer fraud, here is a CNBC report posted: <u>How Odometer Fraud Became A $1 Billion Problem</u><a href="#_ftn3">[3]</a> (video)</p>
<p>Your Best Protection from This Scam - Your best protection is to take the time and the relatively small expense of hiring an experienced mechanic to thoroughly inspect a used car and tell you not only the condition of the car and its value, but also whether the car shows any signs that its physical age and operating condition do not correlate with its odometer reading.</p>
<p>An alternative to this is performing a DIY engine compression check. Not only will a compression check provide you with a good starting point on determining whether an engine is sound, but it can also alert you to either an abused car engine or one whose odometer reading has been tampered with. In either case you will want to pass on the purchase.</p>
<p>There are several compression-checking tools with adapters for differing spark plug holes that can be a good investment if you are not willing to hire a mechanic for every used car you are considering as well as instructive videos on how to use one.</p>
<p>And finally… For additional articles related to protecting yourself when buying a used car, here are a few for your consideration:</p>
<ul>
<li>The Most Important Used Car Scam Everyone Should Be Aware About</li>
<li>Engine Compression Test Demonstrated After 280,000 Miles</li>
<li>Mechanic Helps Car Buyers Find the True Value of a Used Car</li>
</ul>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.torquenews.com/14093/new-odometer-fraud-tool-scam-warning/amp?fr=operanews">https://www.torquenews.com/14093/new-odometer-fraud-tool-scam-warning/amp?fr=operanews</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.torquenews.com/14093/carfax-identifies-10-states-have-most-vehicles-rolled-back-odometers-scam">https://www.torquenews.com/14093/carfax-identifies-10-states-have-most-vehicles-rolled-back-odometers-scam</a></p>
<p><a href="#_ftnref3">[3]</a> <a href="https://youtu.be/GAiduOoZKB4">https://youtu.be/GAiduOoZKB4</a></p></div>Automobile Cyber & the FTChttps://redskyalliance.org/automotive/automobile-cyber-the-ftc2023-02-11T14:30:00.000Z2023-02-11T14:30:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10961185675,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10961185675,RESIZE_400x{{/staticFileLink}}" alt="10961185675?profile=RESIZE_400x" width="250" /></a>With ever escalating cyber-attacks, it is essential for auto retailers to protect their dealerships and customer data. According to CDK Global's State of Cybersecurity e-book, less than 50% of dealers are adequately prepared to meet the US Federal Trade Commission's (FTC) cybersecurity requirements by 9 June 2023. In addition, only 35% fully comprehend the new ruling, which includes such protection mandates as multi-factor authentication, data encryption and data and systems inventory.<a href="#_ftn1">[1]</a> </p>
<p>The stakes have escalated in terms of avoiding IT-related business outages, reputation damage and fines for failing to comply with the FTC’s new deadline, according to the e-book, which compiled automotive-specific survey data from dealership personnel to provide peer-to-peer insights to consider when evaluating cybersecurity posture and ongoing strategy for the 9 June compliance.</p>
<p>As an example, the main threats that dealers are now experiencing include email phishing, ransomware and lack of employee awareness. While auto retailers understand the importance of these cybersecurity threats and are still concerned (89% of those surveyed say these threats are more important than a year ago), dealers are only 37% confident in their protection.</p>
<p>Ransomware is a major point of focus as hackers continue to hit increasingly bigger targets. Hackers thrive in a business model that is financially attractive for them: low overhead and high profits, making dealerships a prime target. Looking at the average payouts over time, there is some volatility, although the costs remain high and are an enormous burden for the average dealership.</p>
<p>The average payout for ransomware was $228,125 for the second quarter of 2022, which is an 8% increase from the first quarter. The growing payout amount is likely due to increased work-from-home environments and reliance on distributed networking and applications needed to support this adjustment in employee behavior.</p>
<p>Auto retailers have been doing well with implementing anti-virus software, securing their network, patching and pursuing cyber insurance. However, gaps remain, such as real-time monitoring and formal cybersecurity response plans, which are critical components for the FTC Safeguards Rule. The amended rule includes compliance measures such as securing customer data and implementing a comprehensive information security program.</p>
<p>Dealers must ensure they are collaborating with their software vendors to meet these requirements and have a comprehensive and flexible plan in place for both the IT infrastructure and cybersecurity protection. It is also recommended that dealers have a qualified person or leader to take charge of cybersecurity posture within the dealership. They can consider investing in a chief information security officer (CISO) or Virtual CISO, while working with their legal team along the way.</p>
<p>There's no one-size-fits-all approach to cybersecurity. It is a moving target that requires constant attention. The top concern is no longer if you get attacked, but when. However, having a layered approach to protecting a dealership’s IT infrastructure through proactive cybersecurity measures can help cut through the complexity, including:</p>
<ul>
<li>Prevention: 24/7 monitoring, web content filtering, employee training, authentication and compliance.</li>
<li>Protection: Detect incoming threats, rogue device detection and securing devices and networks.</li>
<li>Response: Contain threats quickly through recovery, roll back computers to a known good state, remediation, containment and a robust response plan.</li>
</ul>
<p>A solid plan helps minimize uncertainty, confusion and guesswork. By following the right cybersecurity plan, dealerships can assemble a security team that is ready to reduce threat response time and malicious activities. Staying ahead of evolving technology and cybersecurity will continue to be a crucial component to running a competitive, successful dealership.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.securitymagazine.com/articles/98896-dealerships-must-put-cybersecurity-plans-in-place-for-ftc-compliance">https://www.securitymagazine.com/articles/98896-dealerships-must-put-cybersecurity-plans-in-place-for-ftc-compliance</a></p></div>Nissan Breachhttps://redskyalliance.org/automotive/nissan-breach2023-01-20T16:03:43.000Z2023-01-20T16:03:43.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p>The Japanese auto company Nissan has sent out breach notification letters to thousands of customers to inform them of a leak of personal information (PII) through a third-party vendor. The car company said it was notified on 21 June 2022 that names, dates of birth, and account numbers for Nissan Motor Acceptance Corporation, an indirect lender that helps people finance or lease Nissan vehicles, were exposed after it provided the customer information to an unnamed third party “for software testing.”</p>
<p>Nissan’s breach notification letter, which was sent to 17,998 people, does not say when the data was exposed nor for how long.<a href="#_ftn1">[1]</a> “During our investigation, on September 26, 2022, we determined that this incident likely resulted in unauthorized access or acquisition of our data, including some personal information belonging to Nissan customers. Specifically, the data embedded within the code during software testing was unintentionally and temporarily stored in a cloud-based public repository,” the company said. Nissan said it was providing victims with a one-year membership for Experian IdentityWorks Credit 3B, a service that helps detect possible misuse of personal information.</p>
<p>**See what Proton is doing to help auto dealers: (TR-23-003-001)</p>
<p>A spokesperson for Nissan explained that the third-party vendor “inadvertently placed some customer data in an unsecured, cloud-based storage location. At this time, we believe the risk is low, but, out of an abundance of caution, we are offering these consumers one year of credit monitoring services at no cost,” the spokesperson said. The company did not answer questions about whether the information leaked was enough for cybercriminals to impersonate someone within Nissan’s customer finance portal.</p>
<p>KnowBe4 said the incident was a prime example of why companies need to outline cybersecurity standards in contractual agreements signed with third parties tasked with handling sensitive customer data. “Nissan provided the information in good faith to an organization contracted to do testing, however that organization failed to properly secure the data. While it’s often not an easy sell to get a contractor to allow you to audit their systems, the history of data breaches caused by this type of mishandling is a strong argument toward being able to do that,” they explained. “Any organization that handles your data needs to be held to a standard of protection at or above your own. An unfortunate part of these types of issues is that Nissan will be associated with the breach, however the third party will likely go unremembered.”</p>
<p>Data from car companies and car insurance providers has been in high demand among cybercriminals, with multiple threat actors and groups leaking stolen data on the dark web in recent weeks. </p>
<p>Car insurance data stolen from nearly 800,000 Japanese customers of Zurich Insurance showed up on a cybercriminal forum last week among several other posts containing vehicle related information.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://therecord.media/thousands-of-nissan-customers-affected-by-data-breach-through-third-party-vendor/">https://therecord.media/thousands-of-nissan-customers-affected-by-data-breach-through-third-party-vendor/</a></p></div>Proton Dealership is Building a SOChttps://redskyalliance.org/automotive/proton-dealership-is-building-a-soc2023-01-03T21:19:13.000Z2023-01-03T21:19:13.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10924376699,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10924376699,RESIZE_400x{{/staticFileLink}}" alt="10924376699?profile=RESIZE_400x" width="250" /></a>Red Sky Alliance has often reported on auto dealerships in the past. Many dealerships were woefully unprepared for cyber-attacks, especially with car sales during Covid. So, this news is a huge step in the right direction. The Reynolds and Reynolds Company announced the start of construction of a security operations center (SOC) for Proton Dealership IT. The SOC will be built on-site at Reynolds’ headquarters in Dayton, Ohio. Reynolds acquired Proton in summer 2022.</p>
<p>The SOC will be a key component to Proton’s ongoing security monitoring and response activities for cyber threats for dealerships across North America. Additionally, the Proton SOC will also upgrade Reynolds’ existing network operations center by adding a dedicated space exclusively for monitoring security. “Active monitoring of a dealership’s network is a vital step toward preventing cyberattacks,” said the president of Reynolds. “This new operations centre is a significant investment and allows us to further demonstrate we are the best choice for automotive dealership cybersecurity.”</p>
<p>The SOC will collect and analyze data to identify suspicious or malicious activity on behalf of its clients. Constant 24/7/365 monitoring by Reynolds staff is necessary because cybercriminals never stop attacking.</p>
<p>When the SOC is fully operational, it will be headed by a full-fledged CISO who will oversee cybersecurity personnel. These personnel will be on-site and, to keep their skills sharp, will receive ongoing training on the current cyber landscape, the tools criminals use, and the methods they employ. This team will continuously monitor and analyze the security of Proton’s clients, defend them against security breaches, and actively isolate and mitigate security risks. “There is a big difference between what it means to be compliant, and what it means to be secure,” said Proton. “With dealerships constantly under attack, the cybersecurity professionals in the SOC, and the tools they will have at their disposal, will be dealers’ first line of defense.”</p>
<p><a href="{{#staticFileLink}}10924377094,RESIZE_584x{{/staticFileLink}}"><img class="align-right" src="{{#staticFileLink}}10924377094,RESIZE_400x{{/staticFileLink}}" alt="10924377094?profile=RESIZE_400x" width="300" /></a>Construction of the SOC is scheduled to be completed in 2023.</p>
<p>Source: <a href="http://www.canadianautoworld.ca/dealer-news/security-operations-centre-to-be-built-at-reynolds-headquarters">http://www.canadianautoworld.ca/dealer-news/security-operations-centre-to-be-built-at-reynolds-headquarters</a></p>
</div>EU Hackers Create Keyless Auto Entry Malwarehttps://redskyalliance.org/automotive/eu-hackers-create-keyless-auto-entry-malware2022-10-18T14:37:09.000Z2022-10-18T14:37:09.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><a href="https://media.cybernews.com/images/featured-big/2022/10/car-hacker-theft.jpg" target="_blank"><img class="align-left" src="https://media.cybernews.com/images/featured-big/2022/10/car-hacker-theft.jpg?profile=RESIZE_400x" width="250" alt="car-hacker-theft.jpg?profile=RESIZE_400x" /></a>
<div class="content" style="line-height:1.6;color:#3e4348;font-family:roboto, '-apple-system', blinkmacsystemfont, 'Segoe UI', 'oxygen-sans', ubuntu, cantarell, 'Helvetica Neue', sans-serif;font-size:16px;font-style:normal;font-weight:400;letter-spacing:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;">
<p style="margin:0px;padding:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-size:inherit;font-family:inherit;"><span><strong><em>Hackers and their accomplices used fraudulent software to unlock, start and steal vehicles without using the actual key.</em></strong><br /><br />31 suspects were arrested, dismantling an alleged car theft ring that employed hacking software to steal French-made cars, Europol announced.<br /><br />According to the authorities, the suspects targeted vehicles of two French car manufacturers with keyless entry and start systems, twisting the in-built protection to steal the automobiles. </span><span>“A fraudulent tool – marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob,” Europol said in a <a class="editor-rtfLink" style="text-decoration:underline;" href="https://www.europol.europa.eu/media-press/newsroom/news/31-arrested-for-stealing-cars-hacking-keyless-tech" target="_blank">statement</a>.</span></p>
<p style="padding:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-size:inherit;font-family:inherit;margin:0px 0px 0px;"><span>In a cooperative effort to catch the car hacker ring, French, Spanish and Latvian authorities arrested 31 suspects and seized over €1 million in criminal assets.</span></p>
<p style="padding:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-size:inherit;font-family:inherit;margin:0px 0px 0px;"><span>According to Europol, arrested suspects allegedly carried out different tasks within the gang. Those arrested are software developers, people who sold the software, and car thieves who used it to break into vehicles.</span></p>
<p style="padding:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-size:inherit;font-family:inherit;margin:0px 0px 0px;"><span>source: <a href="https://cybernews.com/news/car-hackers-arrested-grand-theft-auto/">https://cybernews.com/news/car-hackers-arrested-grand-theft-auto/</a></span></p>
</div></div>Automobiles, Cyber & UN R155https://redskyalliance.org/automotive/automobiles-cyber-un-r1552022-10-17T14:07:31.000Z2022-10-17T14:07:31.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10843914886,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10843914886,RESIZE_400x{{/staticFileLink}}" alt="10843914886?profile=RESIZE_400x" width="250" /></a>Last week, we reported an alleged cyber-attack on Italian automaker Ferrari. The high-end automaker has confirmed the leak of some internal documents but did not say how it happened. On 10 October, RansomEXX, a ransomware-as-a-service operator, claimed to have breached Ferrari, though the company said it is investigating how the leak occurred. Italy’s Red Hot Cyber reported that internal documents, including repair manuals, datasheets, etc., sizing up to 6.99 gigabytes, were leaked. RansomEXX has added Ferrari, whose racing division Scuderia Ferrari partnered with Bitdefender last week, to its list of victims. Ferrari is just the latest in a line of automakers who have been struck by hackers.<a href="#_ftn1">[1]</a> </p>
<p>Many have marveled at the latest innovations from Tesla, the skill of Google’s self-driving cars, or, at the very least, enjoyed playing a podcast on our phone through our car’s speakers. The automotive industry continues to innovate, bringing connectivity to vehicles in new ways from the cockpit to the engine. These new tools change the way people drive and view their cars. An automobile is no longer just for transportation from point A to point B, but cars are rolling data centers that transmit a wealth of actionable intelligence to the networks and systems around them. However, that same information is also a valuable commodity to hackers – who are looking to steal it at any cost.<a href="#_ftn2">[2]</a></p>
<p>It is projected that by 2025, there will be over 400 million connected cars in operation, up from some 237 million in 2021. That growth brings risk, and so it is particularly important that we secure connected cars from cyber security threats.</p>
<p>An Ongoing Threat - While there is a solid body of knowledge around securing automakers’ back-end networks, the actual car and the interconnected systems and components inside the vehicle are the least understood part of the automotive security equation. WiFi, Bluetooth, LTE and 5G, CAN bus, V2X and the entire infotainment system are all entry points that pose serious security risks for automotive manufacturers. New technologies such as Voice-as-an-Interface may further expand the attack surface from the vehicle to the consumer through connected ecosystems such as Amazon, Apple, and Google.</p>
<p>However, cybersecurity standards for cars have only recently emerged. The United Nations Economic Commission for Europe (UNECE) issued UN R155, which came into effect on 1 July 2022 for new vehicle types. These rules govern cybersecurity and cybersecurity management systems (CSMS) for all vehicles sold in major markets outside of the US, Canada and China.</p>
<p>Cybersecurity within the automotive industry has a long way to go to catch up to traditional enterprise cybersecurity standards and best practices. Automotive original equipment manufacturers (OEMs) and component manufacturers need to manage vehicle cybersecurity risks, mitigate risks along the supply chain by securing vehicles in the design stage, detect and respond to security incidents across a vehicle fleet, and provide safe, secure software updates that <u>do not</u> compromise vehicle security.</p>
<p>Protecting Vehicle Systems - Even in the relatively short life of connected vehicles we have seen reported attacks on everything from in-vehicle components and systems and back-end services to third-party technology providers and maintenance systems. The governance of connected automobiles remains essential to establishing cybersecurity measures across the industry. Vehicle cybersecurity starts with the OEM and each part of the value chain must adhere to regulations and mandatory legal requirements.</p>
<p>Manufacturers must install, evolve and maintain a CSMS throughout the product chain. In many areas, manufacturers must work together to create a governance framework that assigns responsibility to different parties. This includes those with roles in each part of the supply chain from OEM factories and legacy systems to component suppliers including those supplying sensors, ECUs, connections and other communication technology to maintain cohesion across applications.</p>
<p>To ensure proper security, automotive OEMs and suppliers must:</p>
<ul>
<li>Establish an incident response plan. Every device company needs best practices to include protocols for recovering from cyber threats and patching vulnerabilities. They should be able to communicate with car owners, dealers, and other manufacturers to prepare, find, fix and close any issues that arise. These guidelines are largely covered by the adoption of a CSMS which is outlined in the International Standards Organization/Society of Automotive Engineering (ISO/SAE) 21434 standards and mandated by UN R155.</li>
<li>Collaborate with appropriate parties. As with IT systems, no one technology product works in isolation. Connected car device manufacturers must have open lines with other providers to share security best practices and send alerts of potential vulnerabilities.</li>
<li>Manage and assess risk. Not all cybersecurity threats pose the same threat level. Device makers need to be aware of all dangers and treat those that could lead to safety and data security issues. This process can help automakers identify and protect the most critical assets to ensure the vehicle’s integrity. This is also covered by the adoption of a CSMS as outlined by ISO/SAE 21434 and mandated by UN R155.</li>
<li>Bake security into the design process and entire automotive ecosystem. With the risk of vulnerabilities now better understood, cybersecurity must be a top priority for the entire automotive ecosystem including the car, the network communications, the cloud services, and the connected apps on your phone.</li>
</ul>
<p>A Look at Testing - Mitigating cybersecurity threats is just the beginning of the process. It really is about validating that the security measures you have taken work. To understand that, you have to think like a hacker. For automakers and suppliers, cybersecurity should take place at several levels. Suppliers must test their devices and components, including connected components, at the communications protocol layer. Automakers need to ensure that any supplier components have been thoroughly tested. Then, automotive manufacturers must ensure that any original parts and systems in alignment with their CSMS have been thoroughly tested. The security testing should include functional cybersecurity testing, fuzz testing, and vulnerability testing. These tests do not just need to cover a comprehensive suite of potential threat vectors; they also must account for the various points of entry an attacker can take. That means testing across all the communication interfaces a modern car uses, including cellular, Wi-Fi, Bluetooth, CAN, and automotive Ethernet. But that is only half the battle. Software updates, the preferred method to mitigate emerging threats across automotive components and systems, require verification. This process is painstakingly repetitious, and automation is key to making this happen.</p>
<p>Compliance with UN R155 demands a repeatable, scalable, and well-documented testing approach. And between sprawling attack surfaces, emerging threats, and mandatory compliance processes, integration and automation aren’t a luxury; they are a must-have. While it is possible to cobble individual hardware and software components together into an automotive cybersecurity test platform, the time commitment of managing a homegrown system can easily outweigh any potential benefits.</p>
<p>The Road Forward - As vehicles become more connected and autonomous and a part of our everyday life, the need to secure them only grows more critical and complex. The role of testing becomes even more critical to the success of the next generation of vehicles on the market. Better managing the cybersecurity needs of these cars starts at the beginning of the design process and continues throughout the life of the vehicle. With a committed industry, we can mitigate threats as they emerge and let everyone enjoy these truly incredible machines.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
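<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></li>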
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.spiceworks.com/it-security/security-general/news/ferrari-document-leak-ransomexx/">https://www.spiceworks.com/it-security/security-general/news/ferrari-document-leak-ransomexx/</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.securityweek.com/automotive-security-threats-are-more-critical-ever">https://www.securityweek.com/automotive-security-threats-are-more-critical-ever</a></p></div>Integrating Auto Cyber Safety Systemshttps://redskyalliance.org/automotive/intigrating-auto-cyber-safety-systems2022-08-26T13:15:40.000Z2022-08-26T13:15:40.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10792959288,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10792959288,RESIZE_400x{{/staticFileLink}}" alt="10792959288?profile=RESIZE_400x" width="250" /></a>Siemens Executive Summary: It is increasingly important to incorporate safety systems into vehicles. With advancements in vehicle electrification and autonomous vehicles (AV), the automotive industry is undergoing a transition that is safer and more environmentally friendly. This white paper discusses the transitions occurring in the automotive industry and what considerations for integrated safety system designs are relevant today or are expected to gain relevance in the coming years. The role of robust, fast and accurate numerical simulations in the development process of integrated safety systems is emphasized in this white paper.</p>
<p>Link to full White Paper: <a href="{{#staticFileLink}}10792946681,original{{/staticFileLink}}">siemens-sw-automotive-safety-system-development-white-paper-tcm27-103546-3xKmdgyWdZUVgUDmE3iUEnDwKF91fH5RgEUhVSkBy (1).pdf</a></p></div>Buying an Auto Dealership; How’s its Cyber Health?https://redskyalliance.org/automotive/buying-an-auto-dealership-how-s-its-cyber-health2022-04-19T14:41:38.000Z2022-04-19T14:41:38.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10401200652,RESIZE_1200x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10401200652,RESIZE_400x{{/staticFileLink}}" alt="10401200652?profile=RESIZE_400x" width="250" /></a>Sound merger and acquisition practice often includes checks on a company’s cyber safeguarding and data transfer provisions, said the President of investment banking and dealership advisory firm Presidio Group. Specifically, auto dealership purchase agreements often include representations that the seller has complied with Gramm-Leach-Bliley and has taken reasonable steps to protect their computer systems and customers’ information, said a principal attorney and partner with Holland & Knight in Denver, CO who works on dealership transactions.<a href="#_ftn1">[1]</a> In the future, Safeguards Rule compliance likely will be added to the list of questions buyers ask about data security in their due diligence process. </p>
<p>Dealership buyers can start a risk assessment before a transaction closes by asking sellers to provide questionnaires they give cyber insurance providers, which generally mirror the US Federal Trade Commission’s (FTC’s) requirements. </p>
<p>The Asbury Automotive Group Inc. in Georgia frequently looks for vulnerabilities in its own systems, as well as in systems for stores it plans to acquire, company leaders said last week. The publicly traded group rose one spot to No. 5 on Automotive News’ most recent list of the top 150 dealership groups based in the US, sustained by its $3.2 billion purchase last year of Larry H. Miller Dealerships’ 61 new and used vehicle stores. “When you buy a single store, it needs a lot of work and structure on the IT side, especially on the security side,” the Asbury CEO said. “Most of the smaller groups have minimal security on their systems. They have it, but it’s minimal. Being a large company, we have layers of protection. So, in every acquisition we’ve done, even the big ones like [Larry H.] Miller and Park Place [Dealerships], we’ve had to add layers on top of their security, just to get ourselves comfortable. Certainly, Park Place had a more sophisticated one and so did the Millers. But being public, we enhanced it further.”</p>
<p>The CDK Global 2018 Dealership Cybersecurity Study found that 85% of IT staff say their dealership had experienced a cyber security incident within the previous two years. In 2021, the CDK Global 2021 State of Cybersecurity in the Dealership Report reflected that the average ransomware payout had increased seventeen-fold (17 x) in two years, up to $220,298 per incident. That’s an average, though, and the individual demand could range into the millions.<a href="#_ftn2">[2]</a> Dealerships have tightened their defenses since the 2018 report, but there continue to be areas that can be improved.</p>
<p>There is now a positive shift in the auto dealer mindset. The 2021 State of Cybersecurity in the Dealership Report also identifies a 16-day downtime due to ransomware attacks, essentially grinding a dealership’s operations to a halt for a half-month. It is no wonder that most SMBs can only last from three to seven days with their financial revenues shut off or scrambling to implement a stopgap.</p>
<p>It is critical to have the proper infrastructure in place to combat the effects of a cyberattack, including offline backups and monitoring software that help employees identify when an email or website isn’t secure. But there is more to dealership cybersecurity.</p>
<p>Dealers are in the car business, but with current technology that is hardly the case anymore. Dealers are now in the customer service business primarily, and an increasing part of the business is software-related as cars become more connected. The CDK Global report says that “84% of consumers said they would not go back to buy another vehicle after their data had been compromised.” If dealerships are targeted, there is a serious likelihood that many customers will never return.</p>
<p>Cyber-attacks are increasing in frequency in the US, and they are emanating from new sources all the time. Protecting your dealership from the disruption and potentially costly payout of a ransomware attack could keep you in business while other less protected companies are put out of business. Red Sky Alliance has helped many companies with M&A threat and vulnerability assessments. </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://usnewsmail.com/news/health/go-big-or-go-home-houston-wants-new-orleans-level-hurricane-protection-but-will-it-be-too-little-too-late/">https://usnewsmail.com/news/health/go-big-or-go-home-houston-wants-new-orleans-level-hurricane-protection-but-will-it-be-too-little-too-late/</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.cbtnews.com/ransomware-attacks-are-on-the-rise-is-your-auto-dealership-secure/">https://www.cbtnews.com/ransomware-attacks-are-on-the-rise-is-your-auto-dealership-secure/</a></p></div>Toyota Hackhttps://redskyalliance.org/automotive/toyota-hack2022-03-02T18:16:46.000Z2022-03-02T18:16:46.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10165354056,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10165354056,RESIZE_400x{{/staticFileLink}}" alt="10165354056?profile=RESIZE_400x" width="250" /></a>Japanese auto giant Toyota said it will restart US domestic production today, a day after all of its factories nationwide ground to a halt following a cyberattack at a parts supplier. Production lines will be switched back on at its 14 factories across the US, Toyota said in a statement. Yesterday’s suspension hit output of around 13,000 vehicles, sparking concern about the robustness of cybersecurity in Japan's extensive supply chain.</p>
<p>The issue has emerged as a key area of concern in Japan, where government critics say responses have been hampered by a fractured approach to dealing with hacking threats. Toyota supplier Kojima Industries Corp, which provides plastic parts and electronic components to the automaker, said it had discovered an error at one of its file servers on 26 February. After rebooting the server, it confirmed it had been infected with a virus, and found a threatening message, it said in a separate statement.</p>
<p>The message was written in English, a Kojima spokesperson told media sources, but declined to give further details.</p>
<p>The system failure at Kojima meant the supplier was unable to ship parts, forcing Toyota, which does not stockpile components at its plants, to pause production, a Toyota spokesperson said. Kojima only supplies to Toyota and is a top-tier supplier of some parts, and a second-tier supplier of others, the Kojima spokesperson said. Toyota's operations in Japan encompass a supply chain of 60,000 companies across four tiers.</p>
<p>Toyota said it would be able to resume operation by tapping into a back-up network between it and the supplier. It would take a week or two to fully restore the system, it said. No information was available about who was behind the attack, nor the motive. It came just after Japan joined Western allies in clamping down on Russia in response to the invasion of Ukraine, although it was unclear whether the attack was related (though Red Sky Alliance believes this attack is likely related). Kojima said it was in contact with authorities.</p>
<p>The incident at the Toyota supplier exposes a potential weakness for Japanese industry. While big companies have cyber security measures in place, the government is worried about small or mid-level subcontractors, the industry minister, Koichi Hagiuda, told reporters on Tuesday.</p>
<p>In November 2020, Japanese videogame maker Capcom, which makes games including Resident Evil, said a ransomware attack had likely compromised personal information of up to 350,000 gamers, and some of its own financial data had been stolen.</p>
<p>Honda suspended some of its auto and motorcycle production globally in June 2020 after a suspected cyberattack. Will these types of cyber attacks stop? Highly doubtful. </p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization who has long collected and analyzed cyber indicators. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Source: <a href="https://www.autonews.com/automakers-suppliers/toyota-restart-japan-production-after-cyberattack-supplier">https://www.autonews.com/automakers-suppliers/toyota-restart-japan-production-after-cyberattack-supplier</a></p>
<p> </p></div>Tesla Cars Hackedhttps://redskyalliance.org/automotive/tesla-cars-hacked2022-02-04T15:19:14.000Z2022-02-04T15:19:14.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10070957501,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10070957501,RESIZE_400x{{/staticFileLink}}" alt="10070957501?profile=RESIZE_400x" width="250" /></a>A 19-year-old security researcher said he was able to hack into over 25 Teslas from around the world. Recently the young hacker published a blog post explaining how he was able to remotely hack into the cars via security bugs in TeslaMate, a popular open source logging tool that tracks anything from the Tesla's energy consumption to location history. The teenager hails from Dinkelsbühl, Germany and first revealed news of the vulnerability on Twitter earlier in January, but waited to fully detail the issue until the Tesla issues were fixed.</p>
<p>The researcher said the vulnerability allowed him to remotely access multiple Tesla features, including unlocking doors and windows, and starting keyless driving. The teen also said he could turn on the stereo or honk the horn, as well as view the car's location and whether the driver was present. However, he said he does not believe it would be possible to move the vehicle remotely.</p>
<p>"There should be no way at all that someone could literally walk up to some Teslas they do not own and take them for a drive," he said in his blog post on Medium. "I also think it potentially could result in some dangerous situations on the road. For example, if someone with remote access starts blasting music on max volume while the driver is on the highway, or randomly and uncontrollable remotely flashing the lights of the Teslas at night."</p>
<p>The security issue revolved around how TeslaMate stored sensitive information that is needed to link the program to the car. The cybersecurity researcher explained that the information, including the car's API Key, could be repurposed to remotely send commands to the exposed Teslas and allow hackers to retain long-term access to the cars without the driver's knowledge.<a href="#_ftn1">[1]</a></p>
<p>The German youth said he first became aware of the vulnerability in one Tesla in October and was able to contact the owner. He found over 20 more vulnerable Teslas in January but faced difficulty contacting the owners. In his efforts to alert Tesla owners to the issue, he also found a flaw in the carmaker's software for its digital car key that allowed him to learn a Tesla owner's email address.<a href="#_ftn2">[2]</a></p>
<p>After privately reporting the issues to TeslaMate, as well as Tesla's security team, the third party tool pushed a software fix and Tesla's security team revoked all affected access tokens, as well as notified the owners. TeslaMate told TechCrunch that the company pushed out the update within hours of receiving the warning. </p>
<p>The German security researcher is not the first to hack a Tesla. Last year, two researchers showed how a drone could launch an attack via WiFi and open a Tesla's doors. In 2020, another researcher managed to hack into a Tesla's keyless entry system in 90 seconds by spoofing the signal.</p>
<p>With all great technological advances, there is always a negative side that hackers will exploit. In this case, to the potential detriment of highway safety. Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization who has long collected and analyzed cyber indicators. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/3702558539639477516">https://attendee.gotowebinar.com/register/3702558539639477516</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://arstechnica.com/cars/2022/01/teen-hacker-finds-bug-that-lets-him-control-25-teslas-remotely/">https://arstechnica.com/cars/2022/01/teen-hacker-finds-bug-that-lets-him-control-25-teslas-remotely/</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.pcmag.com/news/teenage-hacker-gains-remote-control-of-25-teslas-in-13-countries">https://www.pcmag.com/news/teenage-hacker-gains-remote-control-of-25-teslas-in-13-countries</a></p></div>Automobile Cyber Securityhttps://redskyalliance.org/automotive/automobile-cyber-security2021-10-26T17:17:33.000Z2021-10-26T17:17:33.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}9739046481,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}9739046481,RESIZE_400x{{/staticFileLink}}" alt="9739046481?profile=RESIZE_400x" width="250" /></a>Auto manufacturers cannot afford to penny-pinch on cyber security and should manage risk from the very beginning of the design process and across the software development lifecycle and supply chain. Cyber security affects our everyday lives, from the small-scale phishing emails you receive in your inbox to the ransomware attack that shut down the Colonial Pipeline earlier this year and caused panic and a run on fuel. And it’s not just fuel that can be affected by cybersecurity attacks, but also the vehicles themselves.</p>
<p>As cars and trucks become more connected and incorporate more “smart” capabilities, they are becoming increasingly dependent on software – software that enables features that make our vehicles safe, fun and more functional for us. </p>
<p>The systems and services these features rely on, such as over-the-air (OTA) software updates, infotainment systems, ECUs and communication over wireless interfaces all contribute to increased cybersecurity risks for smart and autonomous cars. Automotive manufacturers are attempting to address them.<a href="#_ftn1">[1]</a></p>
<p>Why Are Vehicle Software Updates Vulnerable? OTA software updates, delivered over a cellular network, WiFi or other radio frequency (RF)-based methods, allow vehicle manufacturers to fix bugs as well as launch new or updated features and functions without requiring the vehicle’s owner to visit a dealer. However, while OTA software updates and in-vehicle apps give cars new capabilities, not to mention the implementation of important fixes, they also present potential security vulnerabilities that must be addressed. Whether developed in-house or within the supply chain, automotive software, as well as the channels through which software updates are made, have the potential for multiple attack points carrying a high risk of being targeted, including:</p>
<ul>
<li>Wireless communication, such as Wi-Fi, Bluetooth and other RF technologies</li>
<li>Hardware (e.g., components that updates are destined for, ECU, MCU)</li>
<li>Software</li>
<li>Unintended interactions due to updates</li>
</ul>
<p>ECUs: A Hacker’s Playground – Now let’s look at electronic control units (ECUs), the embedded systems in automotive electronics that control the electrical systems or subsystems in vehicles. Modern vehicles typically have more than 100 ECUs running functions such as fuel injection, temperature control, braking and object detection. Traditionally, ECUs were designed so that they simply accepted commands from and shared information with any entity on the same wiring bus. However, this creates a large vulnerability. These vulnerabilities, though a bit dated, were demonstrated in a well-documented planned attack on a Jeep in 2015 executed by researchers. This controlled cyber attack against the Jeep was very alarming to both the auto industry and consumers alike. But did it really change anything?</p>
<p>In a driver’s understanding, the first thing the researchers exploited was a vulnerability in the software on a radio processor via the cellular network; they then moved on to the infotainment system, and finally targeted the ECUs to affect braking and steering. That was enough to get the automotive industry to start paying more attention to cybersecurity.</p>
<p>Today, a common design is to have ECUs behind gateway(s), so that only those devices that ought to be talking to each other are doing so, which is a much better strategy than the alternative wide-open network in the vehicle.</p>
<p>The Exploitation of Infotainment Systems - In addition to ECUs, infotainment systems provide an overabundance of ways a hacker can access many different devices in a vehicle. These systems have access to cellular networks for activities such as firmware updates, location-based roadside assistance, remote vehicle diagnostic services and information sharing for driver safety. What might not be immediately obvious to many is that infotainment systems also tend to be connected to various critical vehicle systems to provide drivers with operational data, such as engine performance information, as well as to controls, ranging from climate control and navigation systems to those that could tie into or influence driving functions.</p>
<p>Given all the connections that exist in the above automobile systems and the vehicle dashboard itself (or what we like to now call the Digital Cockpit) — not to mention the powerful, full-featured software on them that performs these functions — it is probable that hackers will find new vulnerabilities to hack into them.</p>
<p>Automotive Industry’s Cybersecurity Standards - Unfortunately, the automotive industry currently lacks a standardized means of verifying software updates. One original equipment manufacturer or ‘OEM,’ might have more than a dozen ways to confirm software updates for some of its components. However, overarching cybersecurity-related guidance is available from entities such as NHTSA, which recently updated its Cybersecurity Best Practices for Modern Vehicles report. Other standards, like ISO 26262, also provide guidance on how manufacturers can protect consumers from incidents in their vehicles by developing functionally safe components.</p>
<p>In a recent Executive Order (EO) US President Joe Biden penned the order on “Improving the Nation’s Cybersecurity,” signaling potentially increased regulatory oversight of cybersecurity laws and regulations. This EO provides guidance at a federal level that should influence how the automotive industry (and other mission-critical industries) should protect themselves and react to security threats.</p>
<p>Last but most importantly, is the upcoming release of ISO/SAE 21434 Road vehicles – Cybersecurity engineering which provides vehicle and component providers guidance on how to address cybersecurity in their environment. Developing secure OTA software updates and in-vehicle apps entails a number of measures, from risk and threat modeling to communications interface testing to the implementation of encryption and authentication.</p>
<p>Red Sky Alliance is in New Boston, NH. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the Alliance directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.wardsauto.com/industry-news/autoline-daily-2021-top-industry-news-oct-26">https://www.wardsauto.com/industry-news/autoline-daily-2021-top-industry-news-oct-26</a></p></div>Auto Dealers and Cyber Security June 2021https://redskyalliance.org/automotive/auto-dealers-and-cyber-security-june-20212021-06-03T13:18:27.000Z2021-06-03T13:18:27.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}9029238069,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}9029238069,RESIZE_400x{{/staticFileLink}}" width="250" alt="9029238069?profile=RESIZE_400x" /></a>Auto News recently published a cautionary article reporting, “Auto dealers are getting better at protecting their computer networks from cyberattacks, an information technology consultant who works with dealerships told me last week. They are investing in phishing training, a process that tests whether employees click on suspicious emails and trains those who do on proper security practices. More are carrying cyber insurance. They are talking to colleagues in industry peer groups about best practices. Just as dealerships have improved their defenses against hackers, the hackers have started using a different playbook.” </p>
<p>In the past, criminal hackers would deploy automated programs that would lock up files once someone clicked a malicious link or attachment in an email. Then antivirus software and firewalls improved and started blocking the malware. Hackers are smart and pivoted to new techniques. Today, when they gain access to networks, they embed malware into systems to figure out how systems are designed and create a malicious foundation for a cyber-attack <u>before</u> it is launched.<a href="#_ftn1">[1]</a></p>
<p>The attacks in question, often ransomware variants, can be devastating to a dealership. In the forefront is the Colonial Pipeline ransomware attack, which resulted in the ransom payment of USD $4.4 million. Auto dealerships are not immune; they have been hit as well. A cyber security firm that specializes in supporting auto dealerships says, "we see credible, critical-level threats a few times a week." "The attackers have identified industries where they're not doing enough defense. And dealers are one of those."</p>
<p>New threat intelligence software can better detect hackers rooting around inside computer networks, but it's newer technology, and many dealerships aren't yet using it. Awareness of the severity of cyberattacks and what's at stake for dealers, including the possibility of having their operations shut down entirely, is a top priority. "Dealers have always struggled with readiness when it comes to cybersecurity. Dealers started doing more things, but now the game has changed substantially, and they are not ready," said the researcher.</p>
<p>Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice and very important; however, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide internal monitoring in tandem with RedXray notifications on external threats, including botnet activity, public data breaches, phishing, fraud, and general targeting.</p>
<p>Interested in a RedXray subscription to see what we can do for you? Sign up here: <a href="https://www.wapacklabs.com/RedXray">https://www.wapacklabs.com/RedXray</a> </p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.autonews.com/retail-technology/hackers-are-playing-new-rules-and-dealerships-defenses-arent-ready">https://www.autonews.com/retail-technology/hackers-are-playing-new-rules-and-dealerships-defenses-arent-ready</a></p></div>Stolen Driver's License - Geicohttps://redskyalliance.org/automotive/stolen-driver-s-license-geico2021-04-27T19:49:02.000Z2021-04-27T19:49:02.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}8837253898,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8837253898,RESIZE_400x{{/staticFileLink}}" alt="8837253898?profile=RESIZE_400x" width="250" /></a>US insurance leader Geico says hackers stole driver's license numbers from its website after they supplied personal information that they had acquired elsewhere. The driver's license numbers are believed to have been used "to fraudulently apply for unemployment benefits," Geico reported. Unemployment fraud has skyrocketed since Covid.</p>
<p>The US Labor Department's Office of the Inspector General estimated that between April and September 2020, as much as 10% of the $360 billion spent as part of the CARES Act, the first of three pandemic-related stimulus packages, may have been paid improperly, with a "significant portion attributed to fraud."</p>
<p>Geico's breach was revealed in a notice published by California's Office of the Attorney General. The notice was sent to affected consumers. Organizations in California are required to notify the state of data breaches affecting 500 residents or more. Chevy Chase, Maryland-based Geico did not say how many people were affected or if people living in states other than California were also affected. </p>
<p>The company says the exposure lasted from 21 January to 01 March 2021. Geico did not provide details on the security weakness, only saying it involved "the online sales system on our website." "As soon as Geico became aware of the issue, we secured the affected website and worked to identify the root cause of the incident," the company says. "While we regularly maintain high security and privacy standards, we have also implemented - and continue to implement additional security enhancements to help prevent future fraud and illegal activities on our website."</p>
<p><em>See: <a href="https://redskyalliance.org/xindustry/is-an-instant-insurance-quote-worth-the-loss-of-your-identity">https://redskyalliance.org/xindustry/is-an-instant-insurance-quote-worth-the-loss-of-your-identity</a></em></p>
<p>Geico is offering those affected by the breach a prepaid one-year subscription to the identity theft monitoring service IdentityForce. So far, it does not appear the Geico data has turned up on the dark web, says the CTO of Hold Security, a Wisconsin-based consultancy that monitors dark web sources for stolen data.<a href="#_ftn1">[1]</a></p>
<p>A decade ago, the exposure of a driver's license number was not as serious an event. But there has been an uptick in cybercriminal interest in driver's license numbers with the onset of pandemic restrictions limiting in-person contact. "Nobody asks you to show up at a physical location, whether it is a bank or an unemployment office," Hold Security says.</p>
<p>Because of the lack of face-to-face interaction, organizations have not been able to ensure that a physical driver's license actually matches a person. Aside from fraudulent unemployment claims, driver's license numbers are useful these days for those seeking to become contractors for delivery services but who lack a valid license. Also, the expiration dates of licenses have been less relevant due to the pandemic. Wisconsin, for example, allowed older people to continue to use expired licenses to reduce physical traffic at renewal facilities.</p>
<p>Since 2017, driver's license data for more than 150 million people in the US has been compromised in data breaches, according to the Identity Theft Resource Center. In November 2020, the insurance software firm Vertafore disclosed unauthorized access to one of its databases that held driver's license data for more than 27 million Texas citizens.</p>
<p>Red Sky Alliance has been analyzing and documenting these types of cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at <a href="https://redskyalliance.org">https://redskyalliance.org</a> at no charge. Many past tactics are often dusted off and reused in current malicious campaigns. Red Sky Alliance can provide actionable cyber intelligence and weekly blacklists to help protect your network.</p>
<p><strong>Weekly Cyber Intelligence Briefings</strong>:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/3702558539639477516">https://attendee.gotowebinar.com/register/3702558539639477516</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.bankinfosecurity.com/geico-says-drivers-license-numbers-stolen-from-website-a-16431">https://www.bankinfosecurity.com/geico-says-drivers-license-numbers-stolen-from-website-a-16431</a></p></div>KIA Again….More Worrieshttps://redskyalliance.org/automotive/kia-again-more-worries2021-03-10T19:08:09.000Z2021-03-10T19:08:09.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}8653520868,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8653520868,RESIZE_400x{{/staticFileLink}}" width="250" alt="8653520868?profile=RESIZE_400x" /></a>As if Kia Motors doesn’t have enough to worry about, now this. Last Friday, Red Sky Alliance reported that Kia Motors of America was hit by the DoppelPaymer malware, causing havoc at dealerships in the US and Canada.<a href="#_ftn1">[1]</a> Now Kia has been forced to recall nearly 380,000 of its vehicles due to a potential fire risk hazard. The Korean automaker said in an advisory posted Tuesday by the US National Highway Traffic Safety Administration (NHTSA) that it is recalling certain 2017 through 2021 Sportage SUVs and 2017 through 2019 Cadenza sedans over concerns of a fire risk.</p>
<p>The company recommended that all drivers of the models that aren't equipped with Kia's Smart Cruise Control System park "outside and away from homes and other structures." That’s not good. If the car ignites in an attached garage, big trouble for a homeowner. According to the recall report, Kia believes that a short circuit in the hydraulic electronic brake control unit can cause excessive current, which could possibly lead to a fire.<a href="#_ftn2">[2]</a> Owners of affected vehicles could see tire pressure, anti-lock brake or other warning lights go off before the problem occurs. They may also smell a burning or melting odor or see smoke coming from the engine component, the report said.</p>
<p>The recall report also said that affected car owners can bring their vehicle to a Kia dealer, where the fuses in the electrical junction box will be replaced for free. Dealers will be notified of the recall on 15 April 2021 and car owners will be notified on 30 April 2021. Hopefully the DoppelPaymer issue is fully cleared up by then.</p>
<p>According to the Associated Press (AP), the recall comes after the NHTSA launched an investigation into Kia and Hyundai engine fires back in 2019 when the nonprofit Center for Auto Safety filed a petition for the investigation, citing car owner complaints of more than 3,100 fires, 103 injuries and one death. In November 2020, the NHTSA announced that both automakers were fined $137 million for taking too long to recall over 1 million vehicles with engines that can fail. </p>
<p>Kia reportedly paid $27 million and invested $16 million in safety performance measures, while another $27 million payment will not have to be paid, assuming the company follows safety conditions.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://redskyalliance.org/xindustry/intelligence-report-aviation-auto-industries">https://redskyalliance.org/xindustry/intelligence-report-aviation-auto-industries</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://people.com/human-interest/toro-recalls-snow-blower-due-to-amputation-risk/">https://people.com/human-interest/toro-recalls-snow-blower-due-to-amputation-risk/</a></p></div>DopplePaymer hits Kia Americahttps://redskyalliance.org/automotive/dopplepaymer-hits-kia-america2021-03-07T19:37:34.000Z2021-03-07T19:37:34.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}8640797885,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8640797885,RESIZE_400x{{/staticFileLink}}" width="250" alt="8640797885?profile=RESIZE_400x" /></a>Automaker Kia Motors America (KMA) is the latest victim of the DoppelPaymer ransomware, which allegedly affected internal and customer-facing systems. The ransomware criminal gang admitted responsibility for the attack and is demanding $20 million worth of Bitcoin to decrypt files and not leak the sensitive data online. However, the US California-based automaker denied that it was subject to a ransomware attack. It however acknowledged the extended system outage that left some customers without service.<a href="#_ftn1">[1]</a> </p>
<p>KIA's nationwide system outage affected its Mobile UVO link apps, payment services, phone services, owner portal, and dealerships’ internal systems. Buyers said they received information from dealerships that they could not pick up their cars because of a system outage caused by a ransomware attack. The company acknowledged the outage affecting dealer and customer-facing systems and promised that it was working to resolve the issue. Researchers obtained a ransomware note generated by DoppelPaymer ransomware threat actors during the attack. The ransomware gang claimed to have attacked KIA’s parent company Hyundai Motor America. The ransomware attack victim page referred to “Hyundai Motor America.” DoppelPaymer threatened to publish the exfiltrated data within 2-3 weeks if KMA failed to negotiate a settlement. The ransom would also increase from the current 404 Bitcoins worth about $20 million to 600 Bitcoins worth about $30 million. Kia Motors America acknowledged experiencing an extended systems outage that affected systems, including the Kia Owner Portal, UVO Mobile Apps, and the Consumer Affairs Web portal.</p>
<p>Kia publicly apologized for any inconvenience to affected customers, including those depending on the remote start and heating features, promising to restore the affected systems as quickly as possible.</p>
<p>Hyundai also experienced system outages, similar to those experienced by its subsidiary, Kia Motors. Its internal systems and dealer sites were rendered unreachable, but the company denied that the disruption originated from any ransomware attack.</p>
<p>The DoppelPaymer ransomware gang operates on a double extortion policy, threatening to publish the stolen data online if the victim refuses to pay the ransom. Past victims include PEMEX (Petróleos Mexicanos), Bretagne Télécom, the City of Torrance in California, Hall County in Georgia, Foxconn, Newcastle University, Compal, and Banijay Group SAS. The DoppelPaymer ransomware group has not disclosed the type of data allegedly stolen from Kia and Hyundai Motors. However, the disruptions appear too coincidental to be just random technical glitches. Perhaps Kia and Hyundai intend to cover up the ransomware attack, or DoppelPaymer ransomware operators wished to capitalize on the outage to improve their “street cred.”</p>
<p>Every successful ransomware attack carries a huge reputational cost to the affected companies. Consequently, it is not uncommon for organizations to initially deny such attacks, only to acknowledge them later when the media attention subsides.</p>
<p>The attack “impacted many significant IT systems, including those needed for customers to take delivery of their newly-purchased vehicles,” costing the company not only revenues but also “reputational damage with current and potential customers.”</p>
<p>comforte AG says: “The very recent ransomware attack on Kia Motors America demonstrates just how important it is for every organization to rethink data security. Threatened with an imminent leak of stolen data, Kia must now assess just how much sensitive information might be released if they don’t meet the terms of the threat actors. Hopefully, they are able to navigate this situation effectively with minimal damage.”</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has been following the DoppelPaymer group for a while. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p> <a href="#_ftnref1">[1]</a> <a href="https://www.cpomagazine.com/cyber-security/kia-motors-america-suffers-a-20-million-suspected-doppelpaymer-ransomware-attack/">https://www.cpomagazine.com/cyber-security/kia-motors-america-suffers-a-20-million-suspected-doppelpaymer-ransomware-attack/</a></p></div>COVID-19 /Auto Repair, Dealerships and Hackers!https://redskyalliance.org/automotive/covid-19-auto-repair-dealerships-and-hackers2020-03-22T19:40:00.000Z2020-03-22T19:40:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}4193198023,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}4193198023,RESIZE_710x{{/staticFileLink}}" width="250" alt="4193198023?profile=RESIZE_710x" /></a>Police/Fire, EMS, nurses and doctors are all important services amid our current COVID-19 pandemic. But like everyone else in the international critical infrastructure and key resource professions; they need to get to work. This equates to services that remain in demand: auto repair shops and car dealerships. Link to full report: <a href="{{#staticFileLink}}4193201449,original{{/staticFileLink}}">TR-20-082-001_auto_covid.pdf</a></p></div>Ai and Selling Carshttps://redskyalliance.org/automotive/ai-and-selling-cars2020-02-13T17:57:50.000Z2020-02-13T17:57:50.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}3860997923,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}3860997923,RESIZE_710x{{/staticFileLink}}" width="278" height="158" alt="3860997923?profile=RESIZE_710x" /></a>Ward’s Auto presented a great article about artificial intelligence (Ai). With nearly three-quarters of dealers expressing interest in adopting Ai at some point, it’s clear most have accepted its forthcoming promise to change business as we know it. 
As consumers themselves, most dealers are familiar with Ai’s customer-facing benefits, such as Netflix’s show recommendations or even Gmail’s spam filters. However, the benefits for some businesses, especially one as specialized as a car dealership, can seem less clear.<a href="#_ftn1">[1]</a></p>
<p>Fortunately, Ai is not just for the benefit of the car customers. Those who pursue their interest in adopting Ai at their dealership can expect their business and bottom line to change (for the betterment of auto dealers) in five key ways.</p>
<ol>
<li><strong> Improved Customer Retention and Loyalty</strong></li>
</ol>
<p>Ai is instrumental in predicting and providing customer information that allows for the fast, efficient and personalized experience customers expect. By improving their car buying experience and, in turn, the dealership’s relationship with them, the probability of return business increases exponentially. Sales customers will be more likely to turn into service customers, and they are more likely to recommend the dealership to their friends, creating even more loyal customers. A steady customer base can be the difference between good and great sales profits, or keep the dealership stable during an economic downturn.</p>
<ol start="2">
<li><strong> Create Additional Revenue and Increase Sales</strong></li>
</ol>
<p>Ai helps identify sales opportunities that would likely go unnoticed with a more traditional approach. Ai can use online and offline behavior and lifestyle data to flag automotive customers whose activity indicates that they are ready to buy and inform the salesperson about what inventory customers are in search of. A good Ai tool will also better explain the sales engagement strength of an active customer lead by totaling interactions logged in the Customer Relationship Management, or CRM, system. This level of data allows sales teams to better identify new customers, pursue the most viable leads, and successfully close an auto sale.</p>
<ol start="3">
<li><strong> Lower Marketing and Sales Costs</strong></li>
</ol>
<p>In a climate where personalization is standard, the days of blanketed mass marketing tactics have vanished. Ai can help dealers customize emails, banner ads, texts and other marketing efforts to target the right customers, at the right time, with specific inventory, giving the sales force the specific details from Ai data needed for a positive sales opportunity. This focused sales approach is not only cost effective, faster and easier; it is a more effective way to generate sales leads and make car deals than mailers or cold-calling efforts.</p>
<ol start="4">
<li><strong> Getting Time Back</strong></li>
</ol>
<p>In sales, time is money and failing to address operational inefficiencies is a way to lose both. By using Ai, sales teams can be smarter about how they spend their time. For instance, knowing where customers are in the buying cycle or the level of their engagement can save valuable days chasing bad leads. Ai can even generate customer sentiment, giving sales reps real-time feedback about how a deal is going and giving managers the information needed to coach staffers to improve sales in the future. Overall, Ai speeds up the buying process and creates higher sales efficiency. Recent surveys indicate that 72% of car dealers agree automation and Ai allow their staff to focus time on other areas of their dealership business.</p>
<ol start="5">
<li><strong> Gain a Competitive Advantage</strong></li>
</ol>
<p>Auto industry researchers predict that 79% of businesses plan to use Ai by 2021, which means customer expectations will heighten with time. While it can be tempting to ignore the signs with an “if-it-ain’t-broke-don’t-fix-it” attitude, dealers who fail to adopt Ai technology will risk being left behind. Those who do use it (and soon, as is urged) will have a distinct advantage. The auto sales industry is already a very tight market, so many are urging that the time is ripe to adopt Ai solutions.</p>
<p><strong>Now the Cautionary Downside of Ai.</strong> Without proper cyber protections for the virtual auto sales avenues associated with Ai, black hat hackers could jump on the opportunity to attack a dealership's network and pass along malware in pursuit of financially motivated fraud. Ransomware attacks have targeted numerous dealerships in the past few years and have been seen in various countries. Some of these attacks were made public; others remain out of the media spotlight. But if Ai and the escalated use of the Internet continue in auto sales forces, more cyber-attacks will occur. Red Sky Alliance and its tool, RedXray, can help dealerships protect their networks by scouring the surface, deep and dark web for malicious activity that targets auto dealers. Employing network firewalls is essential to proper network protection, but getting proactive cyber intelligence to augment these static cyber protections will definitely help with added protection. Red Sky Alliance is additionally offering cyber insurance through Cysurance (Chubb Ins.).</p>
<p>Red Sky Alliance is in New Boston, NH USA and is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 888-RED-XRAY or (888)-733-9729, or email <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p><em>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a><br /> Twitter: <a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></em></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.wardsauto.com/dealers/what-Ai-really-means-car-dealerships">https://www.wardsauto.com/dealers/what-Ai-really-means-car-dealerships</a></p></div>Auto Dealerships Could Lose Big, Real Bighttps://redskyalliance.org/automotive/auto-dealerships-could-lose-big-real-big2020-01-31T13:44:14.000Z2020-01-31T13:44:14.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}3841687783,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}3841687783,RESIZE_710x{{/staticFileLink}}" width="275" alt="3841687783?profile=RESIZE_710x" /></a></p>
<p>84 percent of consumers polled said they would <strong>not</strong> buy a car from an auto dealership that experienced a data security breach.</p>
<p>Most dealership IT professionals agree it is not a matter of if, but when the next dealership will fall victim to a cyber-attack involving malware, social engineering, or other malicious cyber schemes. Based on a CDK Global 2018 dealership cybersecurity study, 85% of IT-related employees say their dealership was the target of a cyber-attack within the last two years, despite 67% of respondents being confident in cybersecurity efforts prior to the attack.</p>
<p>Seven of 10 respondents said their dealerships invest in cyber-security measures. But more than 60% acknowledged their dealerships have <strong>not</strong> conducted a formal risk assessment to identify foreseeable internal and external cybersecurity risks, do not conduct regular tests for security systems and processes or do not have a formal process to respond to security incidents.</p>
<p>Auto dealerships have been victims of cyber-attacks that can access sensitive information, such as dealership bank account numbers, routing numbers, login credentials and customer credit card numbers, addresses, social security numbers, and credit scores. Aside from buying a house, purchasing a car is the next biggest financial investment the consumer participates in. </p>
<p>Here are some recent auto dealer cyber incidents:</p>
<ul><li>An email-attachment virus was downloaded on a finance and insurance manager’s computer. The virus effectively logged the computer’s internet history and keystrokes (a keylogger attack). The cyber attackers used the information to obtain hundreds of customer credit reports, costing the dealership more than $150,000.00.</li>
<li>A controller received an email from someone impersonating a dealership employee, requesting a $30,000 wire transfer. After exchanging a few emails, the controller initiated the transfer, sending the cyber attackers $30,000. The dealership was unable to retrack the money transfer.</li>
<li>An accountant visited what he thought was the dealership’s bank website. The accountant was prompted to enter login information and account numbers, among other information, which the accountant provided. The cyber attacker used the information to initiate a $400,000 wire transfer. Fortunately, the bank stopped the transfer in time and saved the dealership.</li>
<li>The UK dealership Lookers was breached last year and is now faced with extensive employee layoffs, as its profits drastically fell.</li>
</ul><p>In addition to potential legal actions, a cyber-attack can jeopardize reputations and drive away customers.</p>
<p>Auto Dealership Risk Mitigation suggestions - Below are steps auto dealerships can take to prevent cyber-attacks:</p>
<ul><li>Conduct periodic security-awareness training for all personnel. Employees are critical to cyber defense. Educating your employees will strengthen their ability to detect and prevent future cyber-attacks.</li>
<li>Perform comprehensive Threat Vulnerability Risk Assessments. These types of assessments identify, quantify and document the probability of various types of potential disruptive cyber threats related to a specific dealership network and location.</li>
<li>Develop a management cyber playbook to cover reported incidents and how to properly address them. This needs to include procedures for communicating a breach to affected parties (both internal and external).</li>
<li>Create a prioritized list of risks (based on the threat assessment model) and associate those risks with adequate risk-mitigation controls (e.g., technology, services, or additional procedures). Depending on the dealership’s current security posture, these controls may need to be developed and/or enhanced. Identifying top-level risks now can serve as a catalyst for additional controls or defenses in the future (time and cost permitting).</li>
<li>Reassess or audit your risk environment periodically through threat assessment. This will put closure on previously identified risks, ensuring that they have been mitigated to an acceptable level, and determine whether new risks have evolved since the prior assessment.<a href="#_ftn1">[1]</a></li>
</ul><p>A recent search in RedXray-<em>Plus</em> was conducted, researching a large auto dealership in the Northeast of America. Our results are below: </p>
<p><a href="{{#staticFileLink}}3841688278,RESIZE_710x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3841688278,RESIZE_710x{{/staticFileLink}}" width="406" height="197" alt="3841688278?profile=RESIZE_710x" /></a>As this research confirms, auto dealerships are very vulnerable to a variety of cyber-attacks, to include: Breach data; Keylogger data; Malicious emails; Malicious email context; Malicious email Detections; Pastebin Hits; Sinkhole Traffic; and Threat Recon. All this dangerous data is collected from the surface and underground Internet, never touching your networks. Firewalls are great, but if they fail to identify new and emerging threats, which our data can provide, the firewall will have a hole in it: a hole that malware can enter to attack your network.</p>
<p>Red Sky Alliance is in New Boston, NH USA and is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, or a RedXray-<em>Plus</em> demo, please contact the office directly at 888-RED-XRAY or (888)-733-9729, or email <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p><em>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a><br /> Twitter: <a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></em></p>
<p> <a href="#_ftnref1">[1]</a> Taken from excerpts by Christopher Arkin, senior director-investigations and compliance at security firm Guidepost Solutions.</p></div>Auto Repair Shops and Cyber https://redskyalliance.org/automotive/auto-repair-shops-and-cyber 2020-01-16T19:50:59.000Z 2020-01-16T19:50:59.000Z Bill Schenkelberg https://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}3822631512,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}3822631512,RESIZE_710x{{/staticFileLink}}" width="275" alt="3822631512?profile=RESIZE_710x" /></a>Independent auto repair owners in Massachusetts (MA) are carefully watching a 2020 state ballot issue calling for auto manufacturers to fairly provide and share automotive digital data collected by new vehicles. Cynical legislators recently had many questions while hearing testimony on 13 January 2020, as they weighed the cyber ramifications of creating new related laws. </p>
<p>The auto shop owners are seeking an update to the 2012 MA “right-to-repair” law that was originally passed to make sure auto manufacturers provide the same diagnostic repair information at a reasonable cost to both dealerships “and” independent mechanics. The lobby that persuaded the state legislature to pass that statute more than seven years ago is back, pushing lawmakers to guarantee the law is expanded to cover data that is being collected and transmitted to manufacturers wirelessly, and thus potentially used to give car dealerships a significant competitive advantage. </p>
<p>The MA Joint Committee on Consumer Protection and Professional Licensure heard testimony on a variety of right-to-repair proposals, including the proposed ballot question that is now before the Legislature for consideration. Proponents of a new “right-to-repair” law say it is about protecting consumer choice, but auto manufacturers counter that independent shops already have access to all the information they need to repair vehicles, through manufacturer repair codes. Some are claiming that the exclusion of remote telematics was a previous concession made by repair shop owners during past negotiations. The Right to Repair Coalition told the legislative committee that its group of more than 2,000 independent auto repairers wants to make sure that technological advances in vehicles do not stifle consumers in their choice of where to have their vehicles repaired. The coalition said, “This is about mechanical information necessary to diagnose, repair and maintain a car.”</p>
<p>Some repair shop owners are struggling to fully explain just “how” access to the telematics data could help them in proper repairs. Some mechanics fear how auto manufacturers might restrict access to data in the future, which would hurt their independent businesses. Asked by legislators for an example of how their businesses are directly impacted, one mechanic told the committee the story of a customer whose OnStar system identified a “check engine” light and gave her the option of bringing the vehicle to one of two dealerships for repair. Some say, “it sounds like it’s a competitiveness issue more than a [just] repair codes.” The 2012 law already guarantees independent repair shops access to the same repair diagnostic information (codes) as dealerships and at the same cost. Yet the law does not address the two-way wireless diagnostic information flow. </p>
<p>Auto manufacturers report that most modern vehicles collect volumes of data on how those vehicles are functioning and being driven; even recording a driver’s weight, where they drive and how fast. Some of this collected data is deleted immediately, while some is anonymized and used to give consumers real time info on traffic or to help manufacturers identify and issue safety recalls. A small amount of data is tied to an identifiable user and can be used for emergency responses (like OnStar type technology). Some experts say expanding access to telematics data would create a greater risk of personal data being exposed or vehicle telematics systems being hacked. This is the heart of the cyber security issue.</p>
<p>Late last year, Popular Mechanics published a report on hacking auto RF technology. One such example is hacking your car’s key fob to gain entrance. Similar hacking techniques could be utilized to steal auto diagnostics and possibly your proprietary information. It's convenient to open your car door without having to dig around in your bag or pocket for the key fob. It is certainly a great marketing pitch for push-to-start cars, but it is also making life extremely easy for cyber criminals. As with so many “advances” in technology, there have been serious unintended consequences for newer cars. According to the FBI, auto theft hit an eight-year high in 2017, with 773,139 reported cases, up from an all-time low of 686,803 in 2014. That is occurring in conjunction with an increase in keyless ignition systems. In 2018, 62 percent of cars sold used keyless ignition as standard equipment, up from 11 percent in 2008.</p>
<p>So why is it possible to pull off any kind of theft? Keyless ignition systems come with a fob that transmits a unique low-frequency signal to the car's computer system, which then validates that the correct signal has been sent and allows you to push a button on the dashboard or console to unlock the doors and start the engine. Hackers can take advantage of this by using a cheap relay box to copy and transmit the signal from your key fob while it is still inside your home or in your pocket. This is called a relay attack, and it is very easy for hackers to execute as long as they have a “friend.”</p>
<p>Here is how the relay attack works. Each person carries a relay box, which can be purchased for as little as $20 online. The boxes can pick up the radio frequency from a car key fob that is sitting on a table inside, hung up on a key rack, or even resting in a purse. The relay boxes allow one person to stand near the home to pick up and amplify the key fob signal and then transmit it to the second box, which the other person holds outside the door of a car. Once the key fob signal reaches the second box, it unlocks the door, as the car thinks you're holding your key fob nearby. Now the criminals just have to drive away without getting caught and then change the various locks. If you have any computer equipment, smart phones or other valuables inside, you now have real problems. </p>
<p>Can these types of attack methods be used to steal your automobile information? Maybe, maybe not. Time will tell if and how stealing automobile diagnostics occurs. Cyber laws and regulations are always 5-10 steps behind technology and bad hackers’ malicious intentions. The pending MA law addendum will be an example of lawmakers trying to keep up with technology. </p>
<p><strong>About Red Sky Alliance</strong></p>
<p>Red Sky Alliance is in New Boston, NH. We are a Cyber Threat Analysis and Intelligence Service organization and offer RedXray and RedXray-Plus for cyber analysis and protection. For questions, comments or direct assistance, please contact Red Sky directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></p></div>Digital Dealerships https://redskyalliance.org/automotive/digital-dealerships 2019-12-19T16:49:23.000Z 2019-12-19T16:49:23.000Z Bill Schenkelberg https://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}3777646652,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}3777646652,RESIZE_710x{{/staticFileLink}}" width="280" alt="3777646652?profile=RESIZE_710x" /></a> “Digital dealerships,” as they are now being called, are growing by leaps and bounds and presenting a new avenue for hackers. 2020 and the next decade are set for an even higher technological step into the digital space. Traditional brick-and-mortar dealers, who are struggling with inside cyber threats and vulnerabilities, are now looking outside traditional car sales to find innovative ways to reach customers.<a href="#_ftn1">[1]</a> This adds an even higher dimension to the potential threats to their networks. </p>
<p>The growth of the “Subscription Model” is already being deployed. Over the past two decades, the average car loan has remained steady at five years, but now dealers are seeing a shift towards longer-term loans. Cars are better and people are keeping them longer, which drives down the demand. On the negative side, people are having to abandon their loans due to being underwater. This is where the new subscription model comes into play, which offers customers an alternative option to free themselves from long term lease commitments and drive what they want, when they want. Clever, huh?</p>
<p>This new subscription model will likely undergo rapid growth into 2020 and beyond, since it provides drivers the freedom and flexibility to use multiple vehicles, while simultaneously giving brick-and-mortar dealers another avenue to reduce their inventories. An alternative to owning or leasing a vehicle, subscription platforms like Clutch, Flexdrive and Drive It Away benefit dealers by prompting repeat customer visits for things like subscription renewals and vehicle servicing. Much of this will be through mobile apps, which may not be the best. Every time a customer renews their “subscription,” they communicate with a dealer via the Internet. From a dealer’s perspective, the subscription model allows dealerships to continually keep in contact with their customers, building better lifetime relationships over the long run. On the downside, it offers yet another avenue for malicious cyber activity.</p>
<p>Independent Digital Platforms are additionally gaining steam. Brick-and-mortar dealerships have consistently spent a tremendous amount of money advertising with massive, third-party aggregators like Autotrader and Cars.com. These businesses have huge overhead due to the operating costs associated with them. So they are subsequently creating an opening in the market for something smaller and nimbler, like a simple app that creates a digital marketplace where customers can transact where and how they want. Essentially, digital retailing that ebbs and flows with how consumers naturally interact. Apps are great, but again create cyber vulnerabilities. Cyber researchers have already witnessed this new surge of independent digital platforms. One example is Carvana, a website that features a wide variety of cars and facilitates the entire transaction from start to finish. The website offers dozens of makes and models with the hook, “A Better Way to Buy a Car.” This is a truly appealing offer for a generation of digital-first millennials who are increasingly connected to their smart phones.</p>
<p><strong>Seamless Insurance Coverage for Carsharing </strong></p>
<p>Carsharing is projected to hit an all-time high in 2020, rising to 12 million members by next year. Just as customers switch between Hulu, Netflix, and Amazon for their streaming services, car drivers may use various platforms like Getaround and Turo, which allow urban customers to use an app for car-sharing as needed (for the day or even just a few hours). To be honest, a driver in Los Angeles is going to need a different type of car-share program than someone in New York City. But a higher concern is: how do customers acquire insurance that supports them throughout their mobility journey?</p>
<p>As new opportunities to share vehicles arise, there will be a need for all-encompassing insurance that offers seamless coverage, no matter what car a customer is driving or what carshare company they are using. From 2020 and beyond, drivers will see more insurance options like non-owner umbrella programs geared toward customers that drive other people’s cars. These new insurance provider options have the capacity to offer affordable rates at half or even a third of normal insurance costs. These options will likely be a new app, which again pushes vulnerabilities upward. </p>
<p>Traditional auto dealers should be aware of these new emerging options in 2020 and beyond. This “Brave New Auto Dealership World” comes with heightened and serious cyber security concerns. In addition to the surging subscription model, arrival of agile digital marketplaces, and necessity of tailored insurance policies, there will be increasingly more ways for current brick-and-mortar dealerships to evolve alongside their digital counterparts in this coming year.</p>
<p>This brave new world presents cyber threats and vulnerabilities never seen in the auto sales environment. Red Sky Alliance and our RedXray and RedXray+ tools will help your IT providers with the proactive protections needed to support you into the digital age. </p>
<p>Red Sky Alliance is in New Boston, NH. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or support, please contact our corporate office at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.cbtnews.com/how-the-growth-of-digital-dealerships-is-pushing-traditional-auto-dealers-to-rethink-their-strategies/">https://www.cbtnews.com/how-the-growth-of-digital-dealerships-is-pushing-traditional-auto-dealers-to-rethink-their-strategies/</a></p></div>REDXRAY TRIAGE REPORT – Indicators of Compromise Found for Major US Automotive Dealership https://redskyalliance.org/automotive/redxray-triage-report-indicators-of-compromise-found-for-major-us 2019-11-22T16:20:20.000Z 2019-11-22T16:20:20.000Z Austin Talbot https://redskyalliance.org/members/AustinTalbot<div><p><strong>Summary</strong></p><p>RedXray is a daily cyber threat notification service through Red Sky Alliance that simplifies cybersecurity monitoring for organizations and supply chains. This document summarizes threats reported by RedXray for RumbleOn Inc. over the past three years. In this timeframe, data from multiple collection indices was observed. RumbleOn is currently trading up 10.8%.<a href="#_ftn1"><sup>[1]</sup></a> Increased cyber targeting can occasionally be seen during times of economic success.</p><p>Raw data is also available in companion .CSV files.</p><p><strong><a href="{{#staticFileLink}}3729820497,RESIZE_710x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3729820497,RESIZE_710x{{/staticFileLink}}" width="232" height="130" alt="3729820497?profile=RESIZE_710x" /></a></strong><strong>Details</strong></p><p>RumbleOn Inc. is an American online automotive retailer headquartered in Coppel, Texas. The company currently appears to be in a period of growth, recently adding a VP of Strategy and Business Development and Director of Technology to their leadership team. </p><p>RedXray “hits” are derived from primary sourced intelligence collections and take inputs from customer infrastructure, such as domains and IPs. 
The following is an example of the RedXray dashboard displaying threats for domains, networks and companies associated with RumbleOn Inc.</p><p> <a href="{{#staticFileLink}}3729840664,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3729840664,RESIZE_710x{{/staticFileLink}}" width="710" alt="3729840664?profile=RESIZE_710x" /></a></p><p>RedXray focuses on four general categories: Malware Infections, Data breaches, Malicious emails, and Phishing. The following are examples for RumbleOn Inc. with context and general mitigations.</p><p><strong><u>RECENT DATA (< 6 MONTHS AGO):</u></strong></p><ul><li><strong>Data Breaches & Leakage</strong></li></ul><p>This includes any sensitive data that has been compromised whether as a result of malware infection or a 3rd party database breach. Breach data can come from several other sources on the deep and dark webs. At this time, there is no related breach data for RumbleOn’s domain rumbleon.com within RedXray.</p><p><strong><em>What does this mean?</em></strong></p><p>Depending on the nature of the leaked database, exposed information may vary from just email addresses, to username and password combinations and other personally identifiable information (PII). RedXray contains the raw breach data so you can easily view what type of data has been exposed. If the breach data contains passwords, then Red Sky Alliance recommends enforcing a password reset and investigating whether there has been unauthorized access of the account.</p><ul><li><strong>Malware Infections</strong></li></ul><p>RedXray can identify possible malware installation using either our botnet tracker collection, sinkhole_traffic collection, or keylogger collection. In many cases, it can also identify the malware protocol resulting in <u>high confidence</u> hits. The following shows botnet related hits for RumbleOn. 
Respective IP addresses have been redacted for privacy.</p><p><a href="{{#staticFileLink}}3729874814,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3729874814,RESIZE_710x{{/staticFileLink}}" width="710" alt="3729874814?profile=RESIZE_710x" /></a></p><p><strong><u>HISTORICAL DATA (> 6 MONTHS AGO):</u></strong></p><ul><li><strong>Malware Infections Continued</strong></li></ul><p>RedXray can identify possible malware installation using either our botnet tracker collection, sinkhole_traffic collection, or keylogger collection. In many cases, it can also identify the malware protocol resulting in <u>high confidence</u> hits. The following shows keylogger related hits for a mail server which RumbleOn uses for email communication.</p><p><a href="{{#staticFileLink}}3729888122,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3729888122,RESIZE_710x{{/staticFileLink}}" width="710" alt="3729888122?profile=RESIZE_710x" /></a><strong><em>What does this mean?</em></strong></p><p>If your IP address or domain is found in botnet tracker, it means that it was seen in a communication with a malicious endpoint. This does not automatically indicate a malware infection as there are a number of reasons why two IP addresses might communicate. For keylogger related activity, the traffic may be the result of a captured weblog or clipboard data captured by a keylogger. All traffic should first be inspected before escalating to incident responders. Red Sky Alliance can help with support.</p><ul><li><strong>Malicious Emails</strong></li></ul><p>It is good to be aware of malicious email campaigns targeting your organization because it serves as an early warning. If your domain or IP address shows up in this collection, then it was observed in the header of an email that has been identified as malicious (1 or more AntiVirus detection). 
The following is an example of an IP address belonging to the RumbleOn email service provider being targeted with malicious emails.</p><p><a href="{{#staticFileLink}}3729912707,RESIZE_1200x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3729912707,RESIZE_710x{{/staticFileLink}}" width="710" alt="3729912707?profile=RESIZE_710x" /></a><strong><em>What does this mean?</em></strong></p><p>It should be noted that some AV vendors classify emails as malicious when they are benign. All malicious email hits only indicate targeting, not malware infections or data-loss. Since the above is an example where an email server was targeted, it is important to note that this does not necessarily mean RumbleOn is directly being targeted by a malicious email, but that the RumbleOn email service provider is hosting mail servers on which malicious emails are being relayed.</p><ul><li><strong>Pastebin</strong></li></ul><p>Pastebin is a site used by bad actors to post data, which may be sensitive, for others to view it freely. Oftentimes the hacking group Anonymous will use Pastebin to list targets for the group’s members to attack. The following are examples of Pastebin hits in which RumbleOn’s IP address was mentioned.</p><p><a href="{{#staticFileLink}}3729948722,RESIZE_1200x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3729948722,RESIZE_710x{{/staticFileLink}}" width="710" alt="3729948722?profile=RESIZE_710x" /></a><strong><em>What does this mean?</em></strong></p><p>A Pastebin hit simply means your information was observed in a paste on pastebin.com. There are numerous reasons information would be contained in a paste – some malicious and some benign. Each Pastebin hit must be individually analyzed to determine context.</p><ul><li><strong>Phishing</strong></li></ul><p>Phishing attacks are responsible for a large amount of compromised credentials. 
Our Threat-Recon collection aggregates phishing data and we allow searching of keywords in this data set in order to identify both targeted phishing attacks and spoofed URLs. The following shows related phishing hits for the IP address on which Rumbleon.com is hosted. IP address redacted here for privacy.</p><p><strong><em><a href="{{#staticFileLink}}3729925087,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3729925087,RESIZE_710x{{/staticFileLink}}" width="710" alt="3729925087?profile=RESIZE_710x" /></a></em></strong><strong><em>What does this mean?</em></strong></p><p>If you receive a phishing hit (ThreatRecon) in RedXray, then the first step is to identify whether the phishing campaign is targeting an organizational account or targeting the organization’s customers. Red Sky Alliance can assist in providing context to these hits.</p><p><strong>Conclusion</strong></p><p>Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice. However, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide internal monitoring in tandem with RedXray notifications on external threats, including botnet activity, public data breaches, phishing, fraud, and general targeting.</p><p>Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. 
For questions, comments or assistance, please contact the lab directly at (888)-(RED)-(XRAY) or (888)-733-9729, or email <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p><p><a href="#_ftnref1">[1]</a> <a href="https://www.nasdaq.com/articles/thursday-sector-leaders%3A-precious-metals-auto-dealerships-2019-11-14">https://www.nasdaq.com/articles/thursday-sector-leaders%3A-precious-metals-auto-dealerships-2019-11-14</a></p><p>Link to Full report: <a href="{{#staticFileLink}}3729981205,original{{/staticFileLink}}">RTT - RumbleOn Automotive (Redacted).pdf</a></p></div>Dealership M&A Cyber Vulnerabilities https://redskyalliance.org/automotive/dealership-m-a-cyber-vulnerabilities 2019-11-17T16:33:49.000Z 2019-11-17T16:33:49.000Z Bill Schenkelberg https://redskyalliance.org/members/BillSchenkelberg<div><p><strong>Summary</strong></p>
<p>RedXray is a cyber threat notification service through Red Sky Alliance that simplifies cybersecurity monitoring for organizations and supply chains. This document summarizes threats reported by RedXray for Lithia Motors Incorporated (Inc.) over the past three years. In this timeframe, data from multiple collection indices was observed. Lithia Motors Inc. is in the process of acquiring three Tampa Bay, FL dealerships for nearly $40 million. Lithia, based in Medford, Ore., will purchase Wesley Chapel Toyota and Wesley Chapel Honda from the Williams Automotive Group. Cyber vulnerabilities multiply when mergers and acquisitions are in process. </p>
<p>Raw data is also available in companion .CSV files.</p>
<p><strong>Details</strong></p>
<p>Lithia Motors Incorporated is an American nationwide automotive retailer headquartered in Medford, Oregon. It is the third largest automotive retailer in the US. In 2015, Lithia Motors broke into the Fortune 500 list at #482.</p>
<p>RedXray “hits” are derived from primary sourced intelligence collections and take inputs from customer infrastructure, such as domains and IPs. The following is an example of the RedXray dashboard displaying threats for domains, networks and companies associated with Lithia Motors Inc.</p>
<p><a href="{{#staticFileLink}}3717248643,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3717248643,RESIZE_710x{{/staticFileLink}}" width="710" alt="3717248643?profile=RESIZE_710x" /></a>RedXray focuses on four general categories: Malware Infections, Data breaches, Malicious emails, and Phishing. The following are examples for Lithia Motors with context and general mitigations.</p>
<p><strong><u>RECENT DATA (< 6 MONTHS AGO):</u></strong></p>
<ul><li><strong>Data breaches & leakage</strong></li>
</ul><p>This includes any sensitive data that has been compromised whether as a result of malware infection or a 3rd party database breach. Breach data can come from several other sources on the deep and dark webs. The following are examples of breach data captured for Lithia Motors:</p>
<p><strong><em><a href="{{#staticFileLink}}3717252364,RESIZE_710x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3717252364,RESIZE_710x{{/staticFileLink}}" width="563" alt="3717252364?profile=RESIZE_710x" /></a></em></strong></p>
<p><strong><em>What does this mean?</em></strong></p>
<p>Depending on the nature of the leaked database, exposed information may vary from just email addresses, to username and password combinations and other personally identifiable information (PII). RedXray contains the raw breach data so you can easily view what type of data has been exposed. If the breach data contains passwords, then Red Sky Alliance recommends enforcing a password reset and investigating whether there has been unauthorized access of the account. In this case, passwords are included in the breach data but redacted above for privacy.</p>
<p><strong><u>HISTORICAL DATA (> 6 MONTHS AGO):</u></strong></p>
<ul><li><strong>Malware infections</strong></li>
</ul><p>RedXray can identify possible malware installation using either our botnet tracker collection, sinkhole_traffic collection, or keylogger collection. In many cases, it can also identify the malware protocol resulting in <u>high confidence</u> hits. The following shows botnet related hits for Lithia Motors.</p>
<p><a href="{{#staticFileLink}}3717256400,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3717256400,RESIZE_710x{{/staticFileLink}}" width="710" alt="3717256400?profile=RESIZE_710x" /></a></p>
<p>The following shows captured Keylogger data for Lithia Motors in which Lithia Motors was seen mentioned in the web address of a keylogged web portal, or in which Lithia Motors email accounts were seen logging in to a keylogged web portal:</p>
<p><a href="{{#staticFileLink}}3717256981,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3717256981,RESIZE_710x{{/staticFileLink}}" width="710" alt="3717256981?profile=RESIZE_710x" /></a></p>
<p><strong><em>What does this mean?</em></strong></p>
<p>If your IP address or domain is found in botnet tracker, it means that it was seen in a communication with a malicious endpoint. This does not automatically indicate a malware infection as there are a number of reasons why two IP addresses might communicate. For keylogger related activity, the traffic may be the result of a captured weblog or clipboard data captured by a keylogger. All traffic should first be inspected before escalating to incident responders. Red Sky Alliance can help with support.</p>
<ul><li><strong>Malicious Emails</strong></li>
</ul><p>It is good to be aware of malicious email campaigns targeting your organization because it serves as an early warning. If your domain or IP address shows up in this collection, then it was observed in the header of an email that has been identified as malicious (1 or more AntiVirus detection). The following is an example of an IP address belonging to the Lithia Motors email service provider being targeted with a malicious email.</p>
<p><a href="{{#staticFileLink}}3717258164,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3717258164,RESIZE_710x{{/staticFileLink}}" width="710" alt="3717258164?profile=RESIZE_710x" /></a></p>
<p><strong><em>What does this mean?</em></strong></p>
<p>It should be noted that some AV vendors classify emails as malicious when they are benign. All malicious email hits only indicate targeting, not malware infections or data-loss. Since the above is an example where an email server was targeted, it is important to note that this does not necessarily mean Lithia Motors is directly being targeted by a malicious email, but that the Lithia Motors email service provider is hosting mail servers on which malicious emails are being relayed.</p>
<ul><li><strong>Pastebin</strong></li>
</ul><p>Pastebin is a site used by bad actors to post data, which may be sensitive, for others to view it freely. Oftentimes the hacking group Anonymous will use Pastebin to list targets for the group’s members to attack. The following are examples of Pastebin hits in which Lithia Motors email users were mentioned.</p>
<p><a href="{{#staticFileLink}}3717260691,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3717260691,RESIZE_710x{{/staticFileLink}}" width="710" alt="3717260691?profile=RESIZE_710x" /></a></p>
<p><strong><em>What does this mean?</em></strong></p>
<p>A Pastebin hit simply means your information was observed in a paste on pastebin.com. There are numerous reasons information would be contained in a paste – some malicious and some benign. Each Pastebin hit must be individually analyzed to determine context.</p>
<ul><li><strong>Phishing</strong></li>
</ul><p>Phishing attacks are responsible for a large amount of compromised credentials. Our Threat-Recon collection aggregates phishing data and we allow searching of keywords in this data set in order to identify both targeted phishing attacks and spoofed URLs. The following shows related phishing hits for the IP address on which Lithiamotors.com is hosted.</p>
<p><a href="{{#staticFileLink}}3717261039,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3717261039,RESIZE_710x{{/staticFileLink}}" width="710" alt="3717261039?profile=RESIZE_710x" /></a></p>
<p><strong><em>What does this mean?</em></strong></p>
<p>If you receive a phishing hit (ThreatRecon) in RedXray, then the first step is to identify whether the phishing campaign is targeting an organizational account or targeting the organization’s customers. Red Sky Alliance can assist in providing context to these hits.</p>
<p><strong>Conclusion</strong></p>
<p>Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice. However, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide internal monitoring in tandem with RedXray notifications on external threats, including botnet activity, public data breaches, phishing, fraud, and general targeting.</p>
<p>Red Sky Alliance, formerly known as Wapack Labs, is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at (888)-(RED)-(XRAY) or (888)-733-9729, or email <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p><em>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a><br /> Twitter: <a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></em></p></div>Car Dealers and Politics (Brexit)https://redskyalliance.org/automotive/car-dealers-and-politics-brexit2019-11-14T20:59:36.000Z2019-11-14T20:59:36.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}3713241044,RESIZE_710x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3713241044,RESIZE_710x{{/staticFileLink}}" width="275" alt="3713241044?profile=RESIZE_710x" /></a></p>
<p>Lookers, one of Britain’s biggest car dealerships, recently dismissed its CEO and COO, while blaming Brexit uncertainty for its second profit warning in less than four months.<a href="#_ftn1">[1]</a> The company’s shares plunged by a quarter as it predicted profit would fall by more than two-thirds this year. This prompted the closure of 15 branch dealerships. The C-Suite removals are partially blamed on political and economic uncertainty, which was cited for falling sales in the three months to the end of September 2019. Like-for-like sales<a href="#_ftn2">[2]</a> of new cars to retail customers dropped 11.5 percent and group like-for-like new car sales fell 3.2 percent.</p>
<p>Back in July 2019, Lookers blamed falling sales entirely on Brexit. Sales of new cars have indeed been hit by consumer wariness over Brexit and the UK economy, while demand for used vehicles has suffered from doubts about the future value of diesel cars. Lookers said its new car sales were even lower than the full market, where sales fell 0.6 percent. Lookers’ sales of used cars increased, but margins across the group narrowed.</p>
<p>Lookers reports that annual underlying pre-tax profits will fall to about £20m from £67m a year earlier. The new guidance for this year’s profit is about half the £38m analysts were expecting before the warning. The company’s shares fell 25 percent to 37.4 percent after the recent financial announcement. It was Lookers’ lowest level since early 2009, when the UK was in the depths of recession. The departures of the CEO and COO left the chairman running the company. The CFO left last July, which means Lookers’ entire executive management team has been lost.</p>
<p>Lookers will close 15 branches, which should improve its financial performance. The company said it would try to merge some branches with nearby stores, yet did not comment on probable job reductions. Lookers is also under a UK Financial Conduct Authority investigation of its sales processes. A company downturn, such as the one at Lookers, signals a vulnerability that attracts hackers. This can happen to any automobile dealership facing its country’s political and economic situation.</p>
<p><strong>Proprietary Collection and Analysis</strong></p>
<p>Red Sky Alliance conducted a RedXray search and found the data and analysis below. RedXray is a cyber threat notification service that simplifies cybersecurity monitoring for organizations and supply chains. This document summarizes threats reported by Red Sky Alliance’s RedXray for Lookers Automotive Group over the past three years. In this timeframe, data from multiple collection indices was observed.</p>
<p>Raw data is also available in companion .CSV files.</p>
<p><strong>Details</strong></p>
<p>RedXray “hits” are derived from primary sourced intelligence collections and take inputs from customer infrastructure, such as domains and IPs. The following is an example of the RedXray dashboard displaying threats for domains, networks and companies associated with Lookers Automotive Group.</p>
<p><a href="{{#staticFileLink}}3713242132,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3713242132,RESIZE_710x{{/staticFileLink}}" width="710" alt="3713242132?profile=RESIZE_710x" /></a></p>
<p>RedXray focuses on four general categories: Malware Infections, Data breaches, Malicious emails, and Phishing. The following are examples for Lookers Automotive Group with context and general mitigations.</p>
<p><strong><u>RECENT DATA (< 6 MONTHS AGO):</u></strong></p>
<p><strong>Data breaches & leakage</strong></p>
<p>This includes any sensitive data that has been compromised whether as a result of malware infection or a 3rd party database breach. Breach data can come from a number of other sources on the deep and dark webs. The following are examples of breach data captured for Lookers Automotive:</p>
<p><strong><em>What does this mean?</em></strong></p>
<p>Depending on the nature of the leaked database, exposed information may vary from just email addresses, to username and password combinations and other personally identifiable information (PII). RedXray contains the raw breach data so you can easily view what type of data has been exposed. If the breach data contains passwords, then Red Sky Alliance recommends enforcing a password reset and investigating whether there has been unauthorized access of the account. In this case, passwords are included in the breach data but redacted above for privacy.</p>
<p><strong><u>HISTORICAL DATA (> 6 MONTHS AGO):</u></strong></p>
<p><strong>Malware infections</strong></p>
<p>RedXray can identify possible malware installation using either our botnet tracker collection, sinkhole_traffic collection, or keylogger collection. In many cases, it can also identify the malware protocol, resulting in <u>high confidence</u> hits. The following shows a keylogged login portal that a Lookers Automotive associated email address logged into in May of 2015.</p>
<p><strong><em>What does this mean?</em></strong></p>
<p>If your IP address or domain is found in botnet tracker, it means that it was seen in a communication with a malicious endpoint. This does not automatically indicate a malware infection as there are a number of reasons why two IP addresses might communicate. For keylogger related activity, the traffic may be the result of a captured weblog or clipboard data captured by a keylogger. In this case, it appears Lookers Automotive is being impersonated in the address of a web portal login page designed to record the keystrokes of its visitors. All traffic should first be inspected before escalating to incident responders. Red Sky Alliance can help with support.</p>
<p><strong>Malicious Emails</strong></p>
<p>It is good to be aware of malicious email campaigns targeting your organization because they serve as an early warning. If your domain or IP address shows up in this collection, then it was observed in the header of an email that has been identified as malicious (1 or more antivirus detections). The following are examples of Lookers Automotive associated email accounts being directly targeted by emails with malicious attachments.</p>
<p><a href="{{#staticFileLink}}3713249653,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3713249653,RESIZE_710x{{/staticFileLink}}" width="710" alt="3713249653?profile=RESIZE_710x" /></a><strong><em>What does this mean?</em></strong></p>
<p>It should be noted that some AV vendors classify emails as malicious when they are benign. Malicious email hits indicate only targeting, not malware infections or data loss. The above image shows Lookers Automotive Group email addresses and domains that previously received malicious emails. This does not directly indicate that malware infections have taken place, only that multiple Lookers Automotive associated email addresses were targeted and have received emails with malicious attachments.</p>
<p><strong>Pastebin</strong></p>
<p>Pastebin is a site used by bad actors to post data, which may be sensitive, for others to view freely. Oftentimes the hacking group Anonymous will use Pastebin to list targets for the group’s members to attack. The following are examples of Pastebin hits in which Lookers Automotive email users were mentioned.</p>
<p><strong><em>What does this mean?</em></strong></p>
<p>A Pastebin hit simply means your information was observed in a paste on pastebin.com. There are numerous reasons information would be contained in a paste – some malicious and some benign. Each Pastebin hit must be individually analyzed to determine context.</p>
<p><strong>Phishing</strong></p>
<p>Phishing attacks are responsible for a large number of compromised credentials. Our Threat-Recon collection aggregates phishing data, and we allow keyword searches of this data set in order to identify both targeted phishing attacks and spoofed URLs. RedXray does not show phishing hits for Lookers Automotive Group at this time.</p>
<p><a href="{{#staticFileLink}}3713251147,RESIZE_1200x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3713251147,RESIZE_710x{{/staticFileLink}}" width="710" alt="3713251147?profile=RESIZE_710x" /></a></p>
<p><strong><em>What does this mean?</em></strong></p>
<p>If you receive a phishing hit (ThreatRecon) in RedXray, the first step is to identify whether the phishing campaign is targeting an organizational account or the organization’s customers. Red Sky Alliance can assist in providing context to these hits.</p>
<p><strong>Conclusion</strong></p>
<p>Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice. However, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide internal monitoring in tandem with RedXray notifications on external threats, including botnet activity, public data breaches, phishing, fraud, and general targeting.</p>
<p>Red Sky Alliance is located in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at (888)-(RED)-(XRAY) or (888)-733-9729, or email <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p><em>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a><br /> Twitter: <a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></em></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.theguardian.com/business/2019/nov/01/bosses-leave-car-dealer-lookers-as-brexit-blamed-for-profit-warning">https://www.theguardian.com/business/2019/nov/01/bosses-leave-car-dealer-lookers-as-brexit-blamed-for-profit-warning</a></p>
<p><a href="#_ftnref2">[2]</a> Like-for-like sales is an adjusted growth metric that only includes revenues generated from organically comparable stores or products with similar characteristics and historical sales periods of operation.</p></div>