Last year finished with some vicious ransomware attacks, of course. For example, the Chinese electric vehicle maker Nio Inc. received an email in which the sender demanded $2.25 million in Bitcoin in exchange for not releasing hacked company data. Read about it here.

Also, on Christmas Eve (!), Arnold Clark, the Scotland-based and UK’s leading independently owned car retailer, was hit by a cyberattack. Not much fun, of course, especially as the company’s IT chief was on holiday in Italy and had to take the first flight home to desperately fix the problems, knowing that the company’s last IT chief was sacked around a year ago after another security breach. Link to the Sun.

A critical zero-day vulnerability impacting all versions of Linux released in the last nine years was discovered by security researchers in July last year, but was publicly disclosed only on December 22. The vulnerability allows attackers to gain root access, remotely and without authentication, to servers running Samba, which is a popular open-source implementation of the SMB protocol. Link.

As this year has just started, we can once again report on the right-to-repair movement. Right-to-repair covers pretty much everything related to consumers’ ability to repair and modify their own consumer products, but the trend we have mentioned occasionally in our AutoSec newsletters over the last years concerns the agricultural sector, and in particular tractor manufacturer John Deere.

So here is some breaking news! John Deere & Co have now announced (in January 2023) that they will from now on allow farmers (consumers) to repair their own tractors, as long as it does not require manufacturers to:

…“divulge trade secrets, proprietary or confidential information, allow owners or Independent Repair Facilities to override safety features or emissions controls or to adjust Agricultural Equipment power levels; or, violate any federal, state, or local laws or regulations.”

Read more about it here.

As usual at the beginning of a happy new year, new reports are also being published. One example is Upstream’s fifth annual report on automotive cybersecurity, whose 2023 edition analyzed 268 automotive and smart mobility cybersecurity incidents.

Some key findings about the analyzed year of 2022 include:

  • 63% of incidents were carried out by black hat actors
  • 380% increase in API-related incidents vs. 2021
  • 35% increase in deep and dark web findings vs. 2021

The report can be found here.

Finally, just some fun facts about the weakest passwords of 2023. Read!

Happy new year!

Written by Joakim Rosell