The Italian based luxury car manufacturer Ferrari S.p.A reported a ransomware attack on their system and it seems that the personal information of their valued customers were compromised.
Ferrari’s statement on the incident
Ferrari S.p.A. issued a statement on 21st March, 2024 stating that “Ferrari has been attacked by ransomware and a ransom threat was made baiting their customers’ data”.
The ransom attackers demanded money in exchange for the data. But the Ferrari spokesperson said that “no such demands of the cyber criminals will be fulfilled and they have no intention of giving them money”.
Ferrari also noted that funding the criminals will encourage and arm them to make more advanced cyber attacks in the future.
Intriguing part is that Ferrari did not reveal the perpetrators identity and the cause of the incident was also not revealed.
Investigations over stolen data
Client’s name, client’s address, phone number and email address were the only details stolen by the cyber criminals. Bank account number, credit card number and other purchase related information were not stolen — as they have informed their customers of the situation at hand.
They further clarified apart from the client’s information, the other systems were not hacked. They say that the operational functions were intact and there are no problems in the operations”.
After this incident, Ferrari is collaborating with a leading cyber security organisation and investigating the incident. They said in the statement that they are going to dig deeper into the incident.
A cyber security firm is collaborating with Ferrari to analyse the security weak spots and to improve the cyber security measures to avert any such incidents in the near future.
RansomEXX
In October 2022, Ferrari was exposed by RansomEXX (a ransomware group) as a victim of ransomware attack. This took place four days after the Ferrari #Formula 1 and Bitdefender signed a partnership deal.
RansomEXX released a list of victims who have been affected by their ransomware attack — which also includes Ferrari. When asked about it, Ferrari denied that there are no such breaches in their system security.
They allegedly reported that 7GB of data was stolen from the ransomware attack and it includes important details such as contracts, payment details, internal information, and repair manuals.
RansomEXX has been targeting large companies and making ransom demands. Recently, they have hacked a health care charity — which made news headlines.
Automobile brands – more vulnerable to cyber attacks
Cyber criminals are basically human beings who use computers to fulfil their greed. So, their target will be the high profit generating sector. Thus automobile manufactures are one of the high income sector in the manufacturing industry.
Upstream a cyber security platform revealed that there is a 225% increase in the number of cyber attacks from 2018 to 2021 in their fourth annual Automotive Cybersecurity report.
They have also revealed that the attacks were mostly three types — Ransomware threats, hacking car control systems and break-ins and data breach.
It is predicted that by 2024, the car manufacturing industries will face a loss of nearly $505 billion as a result of the targeted cyber attacks.
Research revealed that many top car companies have security vulnerabilities which can be a potential threat for their business. In this research they have pointed out the areas that are vulnerable to cyber attacks and have provided solutions to deal with them.
As car companies are moving towards automation and cyber adaptations, they need to be more updated with present day cyber security measures.
