since 1976
since 1976
Modern cars have become ever more complex digital devices, with extensive remote communication capabilities and malicious attacks that can target not only them directly but also the systems to which they are connected. Against this backdrop, Kaspersky is sharing its cyberthreat forecast for the automotive industry in 2026.
Attacks on automakers' infrastructure
In 2026, attacks by financially motivated malicious actors will continue, primarily using ransomware. The goal of such attacks is to encrypt a victim's files, systems, or entire networks, rendering them inaccessible, for the attacker to then demand a ransom payment (usually in cryptocurrency) in exchange for providing the decryption key or restoring access. New leaks (of confidential user data and vehicle movements) from automaker infrastructures may also be revealed.
Another important vector is supply chain attacks on automaker infrastructure through hacking contractors' systems, with the aim of disrupting critical systems and causing financial losses. Security audits regularly conducted by Kaspersky identify vulnerabilities that can be exploited for such attacks.
Attacks on taxi infrastructure and fleets, car sharing services, transport and logistics companies
Personal data theft and the disruption of critical systems. Financially motivated attackers are primarily interested in users' personal data and access to their accounts. Ransomware cyberattacks aimed at disrupting critical systems and causing financial losses to companies are also possible.
Remote car locking. This is a high risk, as carsharing and taxi companies install modules in their vehicles that allow, among other things, remote locking at any time. If attackers gain access to the control system of such modules, they can lock cars en masse, for example, for ransom or sabotage.
Hacking transport and logistics companies' systems and intercepting cargo. Another potential risk vector is attacks on transport and logistics companies to subsequently intercept orders and physically steal cargo. In today's world, the digitalisation of all supply chain processes means attackers can physically steal cargo without leaving cyberspace. Attackers can remotely hack systems and manipulate shipping data to deliver cargo to a specific address for subsequent resale.
Attacks on fueling and EV charging station infrastructure
The digitalisation trend is not bypassing the fueling infrastructure. Modern gas stations and electric vehicle charging stations are designed to be connected to cloud infrastructure. This opens up a wealth of opportunities for attackers. By 2026, attacks on these cloud infrastructures may be possible, aimed at directly stealing fuel or electricity, as well as customer data, such as personal information or fuel card details.
Exploiting weaknesses in car architecture to steal them
The world is increasingly producing modern, computerised vehicles with numerous electronic control units (ECUs), and attackers will continue to exploit implementation errors and vulnerabilities to steal vehicles. One recent example is when attackers were able to connect to the CAN bus of a major manufacturer's vehicles through a headlight, subsequently gaining access to the engine starter system. Experts expect that new vulnerabilities used for car theft will be discovered in 2026. Entry points can be any accessible interface: CAN bus, OBD port, Ethernet port, NFC module, Wi-Fi and Bluetooth chips, and LTE modem.
"It's important to note that some automakers have begun to focus on cybersecurity, demonstrating a high level of responsibility and actively preparing to address a wide range of threats. We work closely with these companies, regularly conducting security audits at their request, and thereby increasing the level of security across the entire supply chain – from manufacturers to end users," comments Artem Zinenko, Head of Kaspersky ICS CERT Vulnerability Research and Assessment.
Modern embedded vehicle computer systems are directly or indirectly connected to the internet, making attacks against them a matter of time. To create attack-resistant systems, security principles should be incorporated into the design and development stages. This will mitigate some risks and minimise the likelihood of exploitation. Kaspersky has developed its own solution for ensuring vehicle information security – Kaspersky Automotive Secure Gateway, based on the KasperskyOS operating system. Furthermore, risks can be minimised by regularly conducting security audits to promptly identify and remediate vulnerabilities, as well as installing specialised solutions with protection against ransomware and other types of malware on endpoints in office and industrial networks.
