We’ve written before on how the manufacturing sector and its interconnected operational technology (OT) and information technology (IT) present considerable opportunities for threat actors to abuse the sector’s systems unless amended by discrete security technology, such as air-gapping.

The same can be said for one of manufacturing’s most visible offshoots, the automotive sector. With cars in constant demand (global sales reached 74.6 million units sold in 2024), production won’t be stopping anytime soon. Moreover, with some countries’ gross domestic product (GDP) depending on mass vehicle production, governments will want to support this industry’s continued importance — including its security.

Key points of this article:

  • Car unit production and sales are counted in tens of millions globally.
  • Countries depend on GDP-enriching car makers and suppliers to support their economies, creating protected industries.
  • Economic and geopolitical uncertainties prove to be major hurdles for car manufacturing, reliant on stable and secure supply chains.
  • As an inherently exploitable, high-value industry, the automotive sector must focus on building up proprietary tailor-fit security to tackle cyberattacks capable of crippling their OT and IT systems.

Driven to succeed

The largest automakers from the United States, Europe and Japan all have a global footprint. Companies like Toyota have factories all around the world, with complex just-in-time (JIT) logistics, transporting parts across vast supply chains involving several different supply-side manufacturers.

Aligning parts orders directly with production schedules creates a delicate situation easily disrupted by even the shortest delivery delays. What’s more, as demonstrated by the 2020-2023 global chip shortage, even the smallest parts can derail entire vehicle lines and trims, preventing vehicles from being sold feature-complete.

Another factor to consider is today’s geopolitical reality. Regional stability is tantamount to the provision of a healthy economic environment to spur development. Building a manufacturing plant in a warzone or in a country with an unreliable government ready to seize foreign assets wouldn’t prove to be a sound investment. 

Bumps in the road

The auto industry can’t exist separately from the external realities banging on its door, so it must make do with what it’s got — operate across different political landscapes and economic realities. But while these present individual challenges to be solved by regional offices and teams, the digital threat landscape is global and ready to pounce at any opportunity.

During 2017’s WannaCry ransomware outbreak, the automotive sector was no stranger to infection cases; a well-known French-Japanese automotive alliance was forced to halt production at five facilities because its plants with legacy systems were particularly affected due to WannaCry abusing an EternalBlue exploit within older Windows systems, which are still popular and often used within the industry for production control.

Some types of ransomware are specifically designed to lay siege to industrial control systems and networks, like Ekans.

Likewise, in 2022, Japan’s largest automaker suffered a halt in production across 28 manufacturing lines and 14 plants due to a supplier system failure owing to a ransomware attack against its plastic parts and electronic components provider.

Later, in 2024, a German steel giant’s automotive division suffered a ransomware attack, one of many throughout the years. As a preventive move, the company took some of its systems offline, working to contain any potential malicious activity. This was the right move, as evidenced by the company’s successful early blocking of the malware.

Lastly, in 2025, British automaker Jaguar Land Rover had its operations severely disrupted by a cyberattack, allegedly committed by the Scattered Lapsus$ Hunters, an amalgamation of hackers from several known advanced persistent threat (APT) groups that were responsible for attacks against major industrial entities in the UK.

Hacked in the fast lane

Why target car manufacturers and their suppliers, specifically? Here are a few reasons:

  1. Supply chain exploitability: Manufacturing supply chains are complex, with varying company sizes and security measures. Large plants might sport enterprise-grade protection, but smaller cogs in the machine likely don’t, opening the door for attackers to abuse their spots in the chain.
  2. Extended networks: The wider supply chain also involves dealerships and local partners, whose access to sensitive customer details represents further opportunities for extortion or identity theft.
  3. Cyber espionage: Money isn’t the only factor for an attack. Industrial secrets related to expensive proprietary technologies are just as enticing. By stealing corporate secrets and selling them on the black market, less scrupulous competitors could get ahead without costly internal R&D.
  4. Sabotage: Many car manufacturers also produce military equipment, the crippling of which could have disastrous consequences for wartime logistics. 
  5. OT, IT and connectivity: Due to an increase in digitalization, production operations are ever so closely linked with IT networks. This opens OTs to external access, which when combined with vulnerable legacy systems, could easily allow threat actors to penetrate them and cause long-term disruption.

Gearing up for security

Now the question is, what’s easier, halting production across facilities to remediate an incident or preventive action to avoid an incident in the first place?

That question is slightly misleading — the threat landscape is highly variable, so there’s no one-size-fits-all strategy to combat every single tactic, technique or procedure (TTP) that malicious entities may use. 

In fact, a singular APT such as Mustang Panda can deploy multiple TTPs per attack life cycle.

However, this doesn’t mean that threats cannot be curtailed, and in fact, minimizing the attack surface is a surefire way to lower the likelihood of a breach. This is particularly useful for multinational automotive companies, whose footprints demand extensive coverage.

Steering clear of cyber threats

One of ESET’s automotive partners from Italy, Raicam (specialized in the production and design of brakes, clutches and actuators), understood this perfectly. Its leadership figured that the duress a cyberattack would cause its internal teams and budget would be best avoided preemptively. With several international offices, Raicam needed a solution that would enable high-level global coverage.

Raicam’s story exemplifies the struggle automotive leadership might find itself in. Continuous satisfaction of the supply chain demands uninterrupted production; it’s basically a requirement to remain inside JIT logistics.  

Thus, the manufacturer opted for a flexible yet lightweight security suite combined with professional expertise, all provided by the ESET PROTECT Platform and the ESET MDR service. With such strong security management, Raicam can further nurture relationships with customers, acing security audits with ease.

Also, people won’t want to work for a factory that can’t guarantee the security of their data or their salaries if security impacts halt production. Therefore, such investments should satisfy partners and employees alike.

As it stands, Raicam now benefits from a high-performing solution without the need to acquire or maintain additional internal resources. ESET’s 24/7 MDR service has also allowed the company to keep track of its network security status, without risking interruption due to lack of staff. The result is a more efficient use of budget, greater interaction between the IT department and individual production sites, an improved market position as well as regulatory compliance.

Cybersecurity is an expense that guarantees the stability of daily business. Putting on a blindfold while roaming through the threat landscape jeopardizes the inherent trust placed in manufacturing partners.

No malware under the hood

The threat landscape, geopolitics and a slow economy make for a mix of unpredictability.

However, if at least one aspect, like cybersecurity, can be put in order, it could positively affect a car manufacturer’s market positioning. The manufacturer would become more reliable (raising trust), productive (respecting contracts and requests) and compliant with regulatory demands. Saying the quiet part out loud, its budget would see positive returns on investment, increasing profitability.

In short, cybersecurity becomes the lever that turns uncertainty into competitive advantage — protecting operations, reputation and the bottom line all at once.

Discover how ESET Threat Intelligence can help the automotive industry survive in the changing threat landscape and meet various cybersecurity standards by reading our factsheet below.