Car dealerships are prime targets for hackers eager to exploit weak security and access a treasure trove of financial data and gain access to third-party vendor supply chains.
According to Tuesday report posted to AT&T Cybersecurity’s blog, cybercriminals are zeroing in on car dealerships considering them easy targets for a cyberattack. Attack vectors include, “outdated IT infrastructure and lacks sufficient processes in terms of protecting employee login details,” according the report.
Adding to the mix of security issues is the increasingly sophisticated number of computer-based diagnostic tools used in auto repair bays and computer systems in car dealer back offices. That has adversaries revving their hacker engines ready to attack, said Theresa Lanowitz, head of cybersecurity evangelism at AT&T Business.
“Employees in a car dealership may have lax security hygiene which means it’s even easier for adversaries to launch attacks. And car dealerships have repair bays with internet connected devices. These devices, if breached, also offer an adversary a way into the network to potentially execute nefarious activities,” Lanowitz said.
Those attack surface weak spots are low-hanging fruit for attackers to easily plant malware, eavesdrop on insecure Wi-Fi connections or exploit poor password hygiene.
No such thing as cybersecurity airbags
The danger is not theoretical for dealerships or vendors connected to dealerships who could also be put at greater risk. In a separate report out this week, researcher Eaton Zveare detailed a severe vulnerability he found in the web portal of Toyota’s global supplier management network.