Smart Mobility has a Blindspot When it Comes to API Security


The emergence of smart mobility services and applications has seen a surge in the use of APIs in the automotive industry. However, this growing reliance on APIs also makes them one of the most common attack vectors. According to Gartner, APIs represent 90% of a web application’s attack surface.

Unsurprisingly, the same trend is visible in smart mobility. Upstream Security's recent Automotive and Smart Mobility Cybersecurity Report found a 380% increase in API-based incidents across the automotive and smart mobility ecosystem in 2022 compared to 2021. APIs also accounted for 12% of cyber incidents in 2022, up from just 2% in 2021.

Upstream's threat intelligence team reports that, across the smart mobility applications and services it studied, malicious actors were behind 53% of incidents, which shows that malicious intent drives the majority of API-related attacks. The impact of these incidents goes far beyond compromised data or PII: they often cause service interruptions, fraud, erosion of trust, and potential revenue loss.


Data-Driven Mobility Services Reshape Traditional Automotive Revenue Models

Automotive connectivity has grown dramatically in recent years, bringing transformative, data-driven revenue opportunities to new as well as traditional automotive stakeholders. Ride-sharing, car rental, and fleet management services all rely on mobile applications to give consumers easy access and enhanced experiences, making mobility ever more connected. Modern data use cases provide continuous monitoring and help stakeholders adopt new capabilities and opportunities. According to a McKinsey study, by 2030, 30% of automotive revenues will be attributed to data-driven smart mobility services.

Massive congestion due to manipulated API transactions

In 2022, APIs were used more and more skillfully in automotive and smart mobility cyberattacks. As an attack vector, APIs attract the attention of both researchers and malicious actors, because exploiting them requires relatively little know-how or automotive expertise; the barrier to entry for threat actors is inherently low. A single vulnerability in an API can directly affect millions of vehicles. A good example of the ease and severity of such an attack is a recent incident in Europe: in 2022, central Moscow was jammed with traffic when a ride-hailing service was maliciously manipulated to send all available taxis to one location. The incident caused hours of traffic jams, restricted people's freedom of movement, and endangered public infrastructure and safety. The attackers did not need to understand the vehicles' behavior or functionality; they only needed to identify and exploit API vulnerabilities.

A WAF Is Not (Always) Enough: Developing a Contextual Framework for Smart Mobility API Security

Smart mobility services have always monitored and protected API transactions to avoid revenue loss from fraud, service downtime, and compromise of organizational or user data. However, traditional API security solutions have significant "blind spots" when it comes to smart mobility. Because they lack contextual analysis of what an API transaction does to a moving vehicle, they often miss advanced attacks that impact mobility applications, assets, and consumers.

To ensure a strong cybersecurity posture in the smart mobility ecosystem, we need to expand the scope of API security to the real-world impact of API transactions on mobility assets, including vehicles on the road. API security has evolved over time, integrating aspects of OT (operational technology) security that correlate API traffic, transactions, and the contextual state of mobility assets. The goal is to layer API discovery, profiling, and monitoring so that both the behavior of mobility assets and the security impact of specific API transactions can be analyzed in detail. Taking into account that OT assets behave differently from IT assets, we can begin to protect them contextually, using attributes such as ignition status, location, and speed.

Smart mobility players are adopting new approaches to secure smart mobility API transactions. This includes four key steps:

  • Map your potential attack surface
  • Continuously monitor API traffic
  • Apply contextual anomaly detection
  • Cyber threat mitigation and response

The first step is to understand the potential attack surface associated with your APIs. This requires inventorying the APIs used by services, applications, and third parties from documentation sources such as Swagger/OpenAPI definitions, and analyzing live, real-time API traffic and transactions. The analysis must cover documented APIs, undocumented APIs, and deprecated APIs that are still live; the latter two are "perfect" access points for attackers because nobody is watching them.

Once the attack surface is understood, you can strengthen your cybersecurity posture by monitoring API traffic so that changes are documented and detected, and so that abuse of misconfigurations is caught. When monitoring mobility API traffic in real time, the solution must handle the scale and complexity of these transactions and recognize deviations from the normal state of the asset. This matters enormously when a single API call can start a vehicle's engine or report the driver's location.

Because smart mobility assets are inherently OT, they can be secured using their context (the state of the asset at a given point in time). Major deviations or anomalies in their behavior may indicate misuse or attack. By correlating asset state with API traffic, cyber teams can understand the contextual meaning of a transaction and its implications for applications and users. A seemingly valid request can be a symptom of malicious intent: a single IP address may not look suspicious at first, but one that sends requests to many different vehicles or mobility applications should quickly trigger suspicion and investigation.
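The four steps above, and the taxi-jam pattern from the Moscow incident, can be put together in code. The following is an added example, not Upstream's product or any code from the report: it compares constructed API access log lines against a constructed OpenAPI route inventory to find undocumented (shadow) endpoints, then applies three contextual detectors against a constructed digital-twin snapshot. The route paths, log field names, VIN format, thresholds and state attributes are all assumptions chosen for illustration.

```python
import json
import re
from collections import Counter, defaultdict

# Constructed OpenAPI-style inventory of documented routes (assumption, not a real vendor spec).
OPENAPI_SPEC = {"paths": {
    "/v1/vehicles/{vin}/lock": {"post": {}},
    "/v1/vehicles/{vin}/unlock": {"post": {}},
    "/v1/vehicles/{vin}/location": {"get": {}},
    "/v1/rides": {"post": {}},
}}

# Constructed digital-twin snapshot: each vehicle's physical state when the traffic arrived.
TWIN_STATE = {
    "VIN001": {"speed_kph": 0, "ignition": "off"},
    "VIN002": {"speed_kph": 62, "ignition": "on"},
    "VIN003": {"speed_kph": 0, "ignition": "off"},
    "VIN004": {"speed_kph": 0, "ignition": "off"},
}

# Constructed API access log, one JSON object per line (field names are our assumption).
SAMPLE_LOG = """
{"ts": "2022-09-01T10:00:01Z", "ip": "203.0.113.7", "method": "GET", "path": "/v1/vehicles/VIN001/location"}
{"ts": "2022-09-01T10:00:02Z", "ip": "198.51.100.9", "method": "POST", "path": "/v1/vehicles/VIN002/unlock"}
{"ts": "2022-09-01T10:00:03Z", "ip": "198.51.100.9", "method": "POST", "path": "/v1/vehicles/VIN003/unlock"}
{"ts": "2022-09-01T10:00:04Z", "ip": "198.51.100.9", "method": "POST", "path": "/v1/vehicles/VIN004/unlock"}
{"ts": "2022-09-01T10:00:05Z", "ip": "198.51.100.9", "method": "POST", "path": "/v0/debug/vehicles/VIN001/unlock"}
{"ts": "2022-09-01T10:01:00Z", "ip": "192.0.2.10", "method": "POST", "path": "/v1/rides", "dest": "55.7558,37.6173"}
{"ts": "2022-09-01T10:01:01Z", "ip": "192.0.2.11", "method": "POST", "path": "/v1/rides", "dest": "55.7558,37.6173"}
{"ts": "2022-09-01T10:01:02Z", "ip": "192.0.2.12", "method": "POST", "path": "/v1/rides", "dest": "55.7558,37.6173"}
{"ts": "2022-09-01T10:01:03Z", "ip": "192.0.2.13", "method": "POST", "path": "/v1/rides", "dest": "55.7558,37.6173"}
{"ts": "2022-09-01T10:01:04Z", "ip": "192.0.2.14", "method": "POST", "path": "/v1/rides", "dest": "51.5074,-0.1278"}
"""

VIN_RE = re.compile(r"/vehicles/([A-Z0-9]+)/")


def compile_routes(spec):
    """Turn OpenAPI path templates into (METHOD, regex) pairs; each {param} matches one segment."""
    routes = []
    for template, ops in spec["paths"].items():
        pattern = "^" + re.sub(r"\{[^/}]+\}", "[^/]+", template) + "$"
        routes.extend((method.upper(), re.compile(pattern)) for method in ops)
    return routes


def parse_log(text):
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def find_undocumented(events, routes):
    """Step 1: a live request that matches no documented route is a shadow or forgotten API."""
    return sorted({(e["method"], e["path"]) for e in events
                   if not any(m == e["method"] and rx.match(e["path"]) for m, rx in routes)})


def vin_of(event):
    m = VIN_RE.search(event["path"])
    return m.group(1) if m else None


def detect_fanout(events, min_vehicles=3):
    """Step 3a: one source issuing commands to many distinct vehicles (a real owner controls one or two)."""
    vins_by_ip = defaultdict(set)
    for e in events:
        vin = vin_of(e)
        if vin and e["method"] == "POST":
            vins_by_ip[e["ip"]].add(vin)
    return {ip: sorted(v) for ip, v in vins_by_ip.items() if len(v) >= min_vehicles}


def detect_state_conflicts(events, twin):
    """Step 3b: a syntactically valid command that contradicts the vehicle's physical state."""
    findings = []
    for e in events:
        state = twin.get(vin_of(e))
        if state and e["path"].endswith("/unlock") and state["speed_kph"] > 0:
            findings.append((vin_of(e), "unlock requested while moving at %d km/h" % state["speed_kph"]))
    return findings


def detect_convergence(events, min_rides=3):
    """Step 3c: many ride requests to a single destination in this batch (the taxi-jam pattern)."""
    dests = Counter(e["dest"] for e in events if e["path"] == "/v1/rides" and "dest" in e)
    return {d: n for d, n in dests.items() if n >= min_rides}


def analyze(log_text=SAMPLE_LOG, spec=OPENAPI_SPEC, twin=TWIN_STATE):
    """Steps 2 and 3: parse the traffic, run each detector, and hand the findings to step 4 (response)."""
    events = parse_log(log_text)
    routes = compile_routes(spec)
    return {
        "undocumented": find_undocumented(events, routes),
        "fanout": detect_fanout(events),
        "state_conflicts": detect_state_conflicts(events, twin),
        "convergence": detect_convergence(events),
    }


if __name__ == "__main__":
    print(json.dumps(analyze(), indent=2))
```

Run against the constructed log, the example reports one undocumented `/v0/debug/...` unlock route, one IP fanning out to four vehicles, one unlock sent to a vehicle that the twin says is moving at 62 km/h, and four rides converging on a single destination. Note that every one of those requests would pass a conventional WAF, since each is well-formed and authenticated; only the route inventory and the asset context make them suspicious. A production version would window the fan-out and convergence counters by time rather than by log batch, and would treat the twin as a stream rather than a snapshot.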

Upstream Security recently took contextual analysis of API transactions one step further. Its approach relies on a robust digital twin, a live digital representation of an asset's state built from data streams coming from applications, backend servers, telematics services, and more. The result is a comprehensive view of all affected mobility assets and users. When an attack or misconfiguration is detected, the unique context provided by the asset's state lets cyber teams respond effectively and quickly to mitigate potential risks.

This mobility-driven approach opens up a new range of API security activities in the smart mobility ecosystem. Innovation in this area is progressing rapidly, and eliminating "blind spots" remains a top priority as new transportation models, self-driving services, and ride-sharing options are introduced.
