Cybersecurity incidents targeting the automotive and mobility sectors spiked nearly 50% in early 2025, a new analysis shows, highlighting an alarming trend where ransomware, data breaches, and vehicle vulnerabilities are rapidly reshaping the industry’s risk landscape — much of it still hidden from public view.
A Sharp Rise in Automotive Cyberattacks: The Tip of the Iceberg
The automotive and mobility industries are facing an unprecedented surge in cyber threats, with the first quarter of 2025 recording a nearly 50% jump in security incidents compared to the previous year.
According to a recent report by Upstream Security, 148 publicly disclosed incidents were tracked in just the first three months of the year. If this pace continues, it will easily surpass the 409 incidents reported throughout the entirety of 2024. Yet experts warn that the true scale of the threat remains vastly underreported.
Yaniv Maimon, vice president of cyber services at Upstream says that what’s published on the Clear Web is just the absolute tip of the iceberg, there’s a lot happening in the deep and Dark Web that companies don’t disclose.
Many victims choose not to report cyberattacks to protect brand reputation or due to legal risks, making the publicized numbers only a shadow of the actual threat landscape.
Ransomware Targets Automotive Giants: From Dealerships to Vehicle Controls
Of the incidents reported in the first quarter, 45% were ransomware attacks, confirming ransomware’s dominance as the primary cyber threat to automotive companies.
One major breach involved Tata Technologies, a major India-based automotive and aerospace service provider. In January 2025, the company suffered a ransomware attack claimed by Hunters International, who subsequently leaked over 730,000 internal files (1.4 terabytes) onto the Dark Web after a prolonged standoff.
Cybercriminals often employ infostealers to extract credentials from employees and then sell these credentials to attackers capable of weaponizing them. Such credentials can allow threat actors to impersonate OEM employees or dealers, access sensitive customer data, and in extreme cases, even remotely control or monitor vehicles.
Maimon warned that through stolen OEM credentials, attackers might gain access to vehicle locations, VIN numbers, and potentially even issue commands to vehicles, heightening concerns over both data privacy and physical safety.
Alarmingly, Upstream found that 26% of incidents this year involved risks that could have directly impacted moving vehicles, and 57% of incidents were classified as “high” or “massive” risk events, meaning they could affect thousands to millions of vehicles globally.
The Rising Threat of EV Chargers and a Quadrupling of Threat Actors
Electric vehicle (EV) infrastructure is emerging as a critical new target. EV chargers accounted for 15% of security incidents in the first quarter, up from 6% in 2024, reflecting a 39% year-over-year rise.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
Although no major cyberattacks on EV chargers were documented yet, researchers have identified vulnerabilities and exploits during lab testing, raising red flags for future real-world incidents.
The automotive cyber threat landscape is expanding not just in volume but also in sophistication. Upstream’s data shows the number of threat actors focused on automotive and mobility targets has quadrupled in just one year, rising from around 300 actors to over 1,100 today.
It’s a gold rush, Maimon said. Threat actors are swarming toward the automotive sector because they see massive financial and operational opportunities.