Julian Bennett
Shams Al Ajrawi
Fiat Chrysler Automobiles (FCA) is among the top three US automobile manufacturers,
having a large footprint not only amongst domestic vehicle sales, but also internationally. As
such, FCA has a large electronic footprint enabling global manufacturing, sales, marketing, and
research and development. This high visibility makes FCA a large target for cyber threat actors,
ranging from criminal hackers to sponsored nation-state actors aiming to gain access and exploit
its information environment. Cyber Threat Intelligence (CTI) is a product of cyber threat
information that has been collected, evaluated for context and reliability, and analyzed through
substantive expertise (I&AWG, 2020) and is a unique and powerful tool to base all of FCA’s
Federal law enforcement agencies, including the FBI, warn of known and unknown threat actors
seeking to compromise and exploit the automobile industry using various attack methods known
throughout the cybersecurity sector. The automobile industry has an extensive research and
development sector that threat actors, primarily nation-state-sponsored, aim to exploit in order to
gain an upper hand in the name of corporate espionage. Their primary attack vector remains
“phishing”, where employees are sent seemingly innocent emails, luring the recipient into
opening malware embedded in an attachment. This malware varies in sophistication and damage
and enables the attackers to execute actions on their objectives. Included in a threat actor’s
arsenal are brute force attacks, ransomware, and other destructive malware designed to destroy
or hold data at risk. Organizational risk of cyber attacks or incidents can be mitigated by
developing robust cybersecurity policies and processes. This includes the build of a
comprehensive cyber threat intelligence platform and an extensive defense-in-depth program that
includes proactive vulnerability management and detailed vetting and risk assessments of third-
party vendors.
Fiat Chrysler Automobiles (FCA) is a top three US automobile manufacturer, with a large
global footprint and presence. As such, FCA has a large electronic footprint enabling global
manufacturing, sales, marketing, and research and development. Due to this high visibility, FCA
is a premier target of cyber threat actors, both criminal and state-sponsored. Nation states will go
to great lengths to compromise FCA’s research and development arm and supply chain to gain
an upper hand and utilize corporate secrets for their own nefarious purposes. The aim of this
report is to assist executive leadership to understand and assess the threat facing the organization
Threat Actors
In a bulletin released to several private companies, the FBI warns of known and unknown
threat actors seeking to compromise auto industry computer systems using “sophisticated
environment where the auto industry’s vast research and development arm is extensive, state-sponsored
threat actors use sophisticated attacks to gain an upper hand in support of corporate
espionage. While this report does not name the specific actors responsible, it points
out that the automobile industry has become a lucrative target for both nation-states and cyber
criminals (Lindsey, 2019). Corporate espionage is a widely known effort of China-based threat
actors. A major Advanced Persistent Threat (APT), identified as “APT20”, is assessed with high
confidence to support the interests of the Chinese government and to be tasked with obtaining
information for espionage purposes (Vijayan, 2019). China-backed APTs are largely known to
align with China’s Five-Year economic development plan to rise above other nations’ economies
and industries (Fireeye, 2019). This assessment directly aligns with the aforementioned FBI
report in that state-sponsored groups engage in espionage against specific industries, including
Delivery Methods
The FBI report points out that the most common attacks against the US automotive
industry are “brute force” attacks where a compromised database of users and usernames is used to
gain access to corporate infrastructure. While this is a seemingly simple attack method, it is
extremely inefficient and easily stopped by security defenses. An additional attack method is
described as a “phishing attack”, where employees are sent seemingly innocent emails, luring the
Intelligence Index 2020, phishing remains the top attack vector in use today. A third type of
attack is ransomware, where the attacker gains access to corporate information, encrypts it and
forces the victim to pay a ransom to decrypt it, or else the data is destroyed. This is particularly
relevant to the automotive industry, as the Honda Company fell victim to the WannaCry
ransomware in 2017 (Dooley & Ueno, 2020). Regardless of attack method, most threat actors
must progress through a very specific sequence of steps in order to be successful. Lockheed
Martin developed a cyber kill chain methodology to provide a framework with which to analyze
a cyber attack. It is a seven-step process that not only assists with the post-mortem analysis of
an attack, but also enables network defenders to align their defenses against it (Lockheed Martin,
Figure 1
Note. Lockheed Martin Cyber Kill Chain model for identification and prevention of cyber
intrusion activity.
Risk Reduction
When threat actors attempt to exploit an organization’s network, they generally follow
the above-mentioned steps in the cyber kill chain. It is imperative that organizations plan for and
deploy their defenses at every step along this chain. CTI can assist with anticipating this threat
and tailoring these defenses to specific threats in order to maximize efficiency and cost
effectiveness. Utilizing a comprehensive CTI solution allows for the automation of the threat
organizational environment. CTI will greatly increase awareness of threats and allow for the
Additionally, as seen during many major cyber attacks, including the devastating
program (Rhysider, 2019). At the latest, patch and vulnerability management can stop the
attacker at step four of the cyber kill chain, exploitation. Exploits and many pieces of malware
take advantage of vulnerabilities embedded in outdated and unpatched software. When executed
properly, timely patching of vulnerabilities will stop the attacker from gaining access and
To mitigate or prevent the attacker’s actions on its objectives, proactive threat hunting on
the network will illuminate malicious cyber activity. With the help of intelligence tools and
analysis, threat hunting is the active pursuit of attacker indicators of compromise, eliminating the
References
Campbell, J. (2019). FBI says hackers are targeting the US auto industry.
https://www.cnn.com/2019/11/20/politics/fbi-us-auto-industry-hackers/index.html
Dooley, B., & Ueno, H. (2020). Honda hackers may have used tools favored by countries.
https://www.nytimes.com/2020/06/12/business/ransomware-honda-hacking-factories.html
Fireeye. (2019). Double Dragon: APT41, a dual espionage and cyber crime operation.
https://content.fireeye.com/apt41/rpt-apt41
Intel & Analysis Working Group (I&AWG). (2020). What is cyber threat intelligence? Center
https://www.cpomagazine.com/cyber-security/fbi-warning-hackers-now-targeting-us-automotive-industry/
Lockheed Martin. (2015). Gaining the advantage: Applying cyber kill chain methodology to
martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf
https://darknetdiaries.com/episode/54/
https://www.darkreading.com/attacks-breaches/china-based-cyber-espionage-group-targeting-orgs-in-10-countries/d/d-id/1336676