From the published accounts, there seems to be an uptick in
attacks against the automakers. This could be focused on their sales platform,
data warehouse, R&D, or other areas holding some form of data. Nissan was a
recent victim as Hyundai India is.
Recently the automaker published a breach through their
defenses. The breach allowed the attacker(s) in and allowed them to find data
or other useful (e.g., expensive) data. The attacker’s focus for this
successful attack had been sensitive customer information (i.e., names,
addresses, email addresses, telephone numbers, vehicle specifics, and other
client data points) for Hyundai India customers only. A portion of the data is
very useful. Other data (e.g., registration numbers, colors, engine numbers,
and mileage) could also be used for fraud or other cases of misuse.
This has been corrected; however, the events do provide
guidance for us. Even if the business is large and global, there is still the
need for SAST and DAST. There are areas and dependencies the programmers will
do their best to account for and state it’s good, but it just takes one or two
vulnerable areas in all the code to create an issue and RUE (Resume Updating
Event).
Services
Enterprise and Embedded System Cybersecurity Engineering & Architecture
Red Team Product Pentesting | HW & SW BoMs | CBoM |
Vulnerability Management | Tabletop Exercises (TTX) |
Embedded Systems Architecture | Threat Intelligence |
TARA (Threat Assessment and Remediation Analysis) |
Supply Chain Cybersecurity Review
Reverse Engineering
charles.parker@mielcybersecurity.net 810-701-5511
No comments:
Post a Comment