19 February 2026
Cyberattacks on automobile manufacturers, taxi fleets, and logistics providers: The risks to automotive infrastructure in 2026
Modern cars are complex digital devices with extensive remote communication capabilities that expand the vehicle’s attack surface. Attackers can target not only cars directly but also the systems to which they are connected. Kaspersky experts share a cyberthreat forecast for the automotive industry in 2026.
Attacks on automobile manufacturer infrastructure
In 2026, financially motivated attackers will continue to target the infrastructure of automobile manufacturers, which may result in production shutdowns or the theft of confidential data. There were several such incidents in 2025. One incident in particular will remain on the radar for a long time: the large-scale attack on Jaguar Land Rover. A ransomware attack on the company resulted in a five-week production shutdown, causing direct losses estimated at tens of millions of dollars and forcing Jaguar Land Rover to take out additional loans totaling $4.69 billion from the government and commercial banks. The attack impacted approximately 5000 organizations in the UK, and several of the manufacturer’s suppliers were forced to file for bankruptcy.
The current trend is supply chain attacks on automaker infrastructure via hacked contractor systems. One victim of such an attack was Stellantis, a global corporation that owns several automotive brands. The attackers gained access to a third-party service provider’s platform and stole personal data. There is nothing to suggest there will be fewer reports of leaks involving confidential user data and vehicle movements from automaker infrastructures in 2026.
One element of proactive protection is conducting regular security audits like those performed by Kaspersky. These audits identify vulnerabilities that can be exploited for such attacks.
Attacks on taxi infrastructure, taxi fleets, carsharing services, transport and logistics companies
Financially motivated attackers are interested in users’ personal data and access to their accounts. This data can be used for various criminal activities, such as renting cars under someone else’s name and transporting prohibited substances. Cyberattacks on fleet management and transportation order distribution systems may also be carried out to disrupt operations and cause reputational and financial damage to companies. One notable case involved an attack on a taxi service where several dozen drivers simultaneously received calls to one location, causing a traffic jam.
Attacks on car fleets are also fraught with the risk of cars being immobilized remotely, since carsharing, taxi and leasing companies install modules in vehicles that allow them to stop cars remotely in case of non-payment by the driver or taxi company. If attackers gain access to the control system of these modules, or directly to the modules themselves, they can immobilize vehicles en masse for politically motivated sabotage or to demand a ransom.
With the digitalization of all supply chain processes, criminals can physically steal cargo without ever leaving the cyberspace. They can hack the transport and logistics systems of companies remotely and manipulate shipping information to steal cargo and deliver it to a specific address. The stolen goods can then be sold on marketplaces via a legitimate supply chain and retail sales, either through hacked organizations or just blindly by people who think they are carrying out legal transactions for the transportation and sale of goods.
Attacks on fueling and EV charging station infrastructure
Digitalization has not bypassed filling stations. Modern gas stations and electric vehicle (EV) charging stations are connected to cloud infrastructure. This gives operators remote access for diagnostics and allows users to pay for services online. Unfortunately, this technology also opens up a wealth of opportunities for attackers. Attacks on these cloud infrastructures, aimed at the direct theft of fuel or electricity, as well as customers’ personal details or fuel card information are possible in 2026. In fact, an incident of this kind has already occurred: in 2025, Digital Charging Solutions, a German company that develops solutions for charging stations, reported unauthorized access to customer user data.
Attacks on road infrastructure
Road infrastructure, in particular traffic safety cameras, can attract financially and politically motivated attackers. For example, in 2025, the Dutch Attorney General’s Office reported a cyberattack that disabled traffic cameras across the country. The service that sends fines by email was also disrupted. Access to traffic cameras provides attackers with numerous opportunities, such as using the cameras for espionage.
Heavy-duty vehicle movement control systems and various automation systems for customs control may also be targeted by different categories of attackers.
In the future, we may see an increase in cyberattacks on V2X infrastructure to disrupt autonomous vehicle control systems. Fortunately, these attacks have not yet become widespread.
Stealing cars by exploiting architectural weaknesses
More and more modern, computerized vehicles with numerous electronic control units (ECUs) are being produced, and criminals will continue to exploit implementation errors and vulnerabilities to steal them. In one known case, attackers connected to a car’s CAN bus through a headlight and subsequently gained access to the engine starter system. Attackers also often exploit weaknesses in keyless entry systems to steal cars. We expect new vulnerabilities that can be used for car theft to be discovered in 2026. Potential entry points include any accessible interfaces, including the CAN bus, OBD and Ethernet ports, NFC module, Wi-Fi and Bluetooth chips, and LTE modems.
“It’s important to note that many automakers have begun to focus on cybersecurity, demonstrating a high level of responsibility by actively preparing to address a wide range of threats. We work closely with automobile manufacturers, regularly conducting security audits at their request, and thereby increasing security across the entire supply chain – from car component manufacturers to end users,” says Artem Zinenko, Head of Kaspersky ICS CERT Vulnerability Research and Assessment.
Modern embedded vehicle computer systems are directly or indirectly connected to the internet, so it is only a matter of time before attacks on these systems become commonplace. To create attack-resistant vehicles, it is crucial to consider cybersecurity at the design and development stages of their components. This will make attacks more difficult and minimize the likelihood of severe consequences.
Kaspersky offers its own vehicle cybersecurity solution, Kaspersky Automotive Secure Gateway, based on the KasperskyOS operating system. Its main task is to prevent attackers from developing an attack from one compromised module (e.g., a head unit, telematics unit, or tachograph) to another (e.g., an engine, transmission, or brake control unit system). This protects participants from the most severe consequences of a cyberattack. In order to make car components safer, we help automotive manufacturers and their suppliers identify new vulnerabilities and architectural security issues in a timely manner. We also research the supporting infrastructure systems – telematics and cloud services of connected cars. For additional protection against accidental infections and targeted attacks, we recommend using specialized solutions in enterprise office networks and production systems, including Kaspersky products.