Ransomware surges across auto industry
Share
Cybersecurity risks across automotive and smart mobility escalated in 2025 as ransomware surged and artificial intelligence expanded the attack surface, according to a recent analysis.
Upstream’s 2026 Global Automotive and Smart Mobility Cybersecurity Report analyzed 494 publicly reported incidents across the ecosystem and found two converging trends. First, AI architectures and API‑centred designs have created new entry points and systemic exposures from vehicles to cloud backends. Second, financially motivated, well-resourced and coordinated attack groups intensified activity, driving a sharp rise in ransomware that disrupted OEMs, suppliers and production systems.
Upstream says ransomware was one of the fastest growing and most disruptive attack types in 2025, accounting for 44 per cent of incidents, more than double 2024. One of the year’s largest events, a cyberattack on a European automaker, paralyzed production and enterprise systems for weeks, triggered local government support and rippled through suppliers, with evidence of impact visible in GDP.
The report also documented how ransom schemes are moving beyond enterprise IT into vehicles. In mid 2025, attackers accessed remote vehicle command and control through a companion app, locked owners out, manipulated functions such as ignition and door locks, and demanded payment to restore access.
“The automotive industry is an early adopter of Physical AI, and as AI capabilities rapidly expand across markets, it now serves as the reference architecture for safety‑critical, highly connected systems,” said Yoav Levy, co‑founder and CEO of Upstream. “However, AI is also enabling attackers to move faster, at greater scale, and with more automation while the industry is still relying on security models built for a far more static world.”
He added that the report found that AI is “significantly” expanding cybersecurity attack surface, “as traditional perimeter defenses no longer suffice when AI systems adapt dynamically and directly influence physical outcomes.”
Backend servers and APIs emerged as primary weak points as interconnectivity among vehicles, cloud platforms and apps increased. Frequent over‑the‑air updates and the rapid uptake of generative AI and large language models added complexity that can magnify small defects into systemic incidents.
Additional findings include:
- 71% of incidents were attributed to black hat actors, up from 65 per cent in 2024.
- 92% of automotive cyberattacks were conducted remotely. Of those, 86 per cent did not require physical proximity to vehicles or systems.
- 67% of incidents involved telematics and cloud systems as attack vectors, with APIs acting as the nervous system that enabled a significant portion of cases.
- 68% of incidents involved data and privacy breaches, while 34 per cent focused on business and operational disruption.
- 61% of incidents had the potential to affect thousands to millions of mobility assets, and 20 per cent were massive-scale events.
Upstream noted that the widening gap between adversary capability and the industry’s current posture demands a shift from perimeter‑based models to continuous detection and response tailored to connected vehicles, physical AI and smart mobility. The report includes analysis of deep and dark web activity related to automotive threats, a review of regulatory developments, and ways AI can be incorporated into resilience.
Leave a Reply