Asia Pacific Automotive Cybersecurity

Powered by CyCraft and TrapaSecurity

Taipei, Taiwan — 28 April 2022 — CyCraft Technology, a world-leading cybersecurity firm based in Taiwan, announced they will join forces with local security firm 菱鏡股份有限公司 (菱鏡 meaning “prism” in Chinese, referred to as TrapaSecurity) to build an automotive cyber security research team. Aligned in their efforts to continually foster innovation and build momentum, CyCraft and TrapaSecurity aim to pool their technical expertise and research talents to better secure Internet-connected vehicles and drivers.

Rising Security Concerns

As the global electric vehicle (EV) market continues to rise so do cybersecurity concerns, such as with over-the-air (OTA) software update architecture. OTA is only one of a myriad of concerns as it can serve as a major attack vector for malicious cyberattacks. These concerns, as well as recent international regulations (ISO/SAE 21434, UN R155, and UN R156), have driven tremendous growth in the automotive cybersecurity market. In 2021, the automotive cybersecurity market in the Asia Pacific region was valued at 1.2B USD and is projected to reach 4.9B by 2030.

“As early as 2017, CyCraft has been involved in automotive cybersecurity research. In our 2018 report 從網路安全到汽車攻擊 (From Cybersecurity to Vehicle Hacking), we discussed the expanding attack surface of vehicles, and the importance continuous digital forensic technology will play for Vehicle SOCs in the future. Four years later, the importance of automotive cybersecurity has not only increased but has become a common pain point in the industry. There is a growing demand for cybersecurity specialists.

Talent in this field isn’t found; it’s cultivated. Through our collaboration with TrapaSecurity, we will not only cultivate talent but also be able to conduct the in-depth research necessary to develop effective and efficient solutions for 21st-century automotive security.”

— PK Tsung, CyCraft Co-Founder and CSO

The Next Generation of Cybersecurity Talent

The global race towards digitization has given way to cyberattacks across every industry and sector from one individual’s livelihood to international enterprises. The lack of both quality and quantity of relevant cybersecurity talent has become a common talking point in the global cybersecurity community.

Through their various high-school and university intern programs as well as their strong support for the local Taiwan hacker community (HITCON, HITCON GIRLS, and the myriad of CTF teams), CyCraft is fully committed to not only developing the next generation of cybersecurity solutions but also cultivating the next generation of cybersecurity talent to help lead the way in the coming decades.

Although young in age, the founding members of TrapaSecurity have proven their technical capability and knowledge by participating in and winning world-class hacking competitions (such as Capture the Flag competitions, or CTF). CyCraft has already collaborated with TrapaSecurity in the past on several security reports, including risk research on vehicle electronic control units (ECUs) and automotive telematics-boxes (T-Box) for Mercedes-Benz and Volkswagen.

“Since the founding of the TrapaSecurity team, we have and will continue to invest in vulnerability research. We’re always looking to expand our research into other fields. Collaborating with CyCraft allows us to strengthen and enrich the depth and breadth of each other’s research.”

— Chao Chengyu, TrapaSecurity CEO

TrapaSecurity is composed of former HITCON CTF team members who have fought in international hacking competitions for years and have proven their ability to design, decipher, and host large-scale CTF competitions. After founding TrapaSecurity in 2020, they have continued honing their technical skills through major international information security competitions, assisting in vulnerability research, product security assessments, CTF competition honing, and cybersecurity services training.

The Future of Asia Pacific Automotive Cybersecurity

The newly formed Automotive Cybersecurity research team comprised of both CyCraft and TrapaSecurity will focus on vehicle cyberattack scenario research, creating a measurable evaluation methodology for Internet of Vehicle (IoV) threats, building a universal attack framework, and ultimately assisting manufacturers and their supply chain in hardening their defense and improving their overall defensive posture.

It is hoped that through the continued research of automotive cybersecurity and the development of continuous digital forensic technology, Taiwan will establish itself as a leader in the field of vehicle cybersecurity research and prevention not only in the Asia Pacific but globally.

About TrapaSecurity

TrapaSecurity is an information security research firm founded in 2020. Their team has extensive research experience in different information security fields, including Windows, Mobile, and IoT security. They are also experienced CTF players and organizers and have participated in international CTF tournaments as the HITCON CTF Team, achieving second place at DEF CON 22, 25, and 27. At present, TrapaSecurity provides on-demand vulnerability research, product security assessment, CTF hosting and training, and cybersecurity services training. TrapaSecurity focuses on Windows, Mobile, IoT, and EV Security research as well as continued excellence in various international hacker competitions.

Learn more → https://trapasecurity.com/

About CyCraft

CyCraft leverages proprietary continuous digital forensic technology to secure government agencies, financial institutions, semiconductor manufacturing, police and defense organizations, Fortune Global 500 firms, airlines, telecommunications, SMEs, and more by being Fast / Accurate / Simple / Thorough.

CyCraft automates information security protection with built-in advanced managed detection and response (MDR), global cyber threat intelligence (CTI), smart threat intelligence gateways (TIG), network detection and response (NDR), security operations center (SOC) operations software, auto-generated incident response (IR) reports, enterprise-wide Health Check (Compromise Assessment, CA), and Secure From Home services. CyCraft also collaborates with other cybersecurity organizations, including the International Forum of Incident Response & Security Teams (FIRST) and the Taiwan Cybersecurity Center of Excellence (CCoE).

Meet your modern cyber defense needs by engaging CyCraft at engage@cycraft.com

Additional Resources

• In early 2022, CyCraft uncovered a months-long supply chain attack targeting the Taiwan financial sector with evidence implicating the Chinese Intelligence Agency, the Ministry of State Security (MSS).
• In early 2020, CyCraft curtailed a year-long attack campaign targeting Taiwan’s semiconductor ecosystem and identified a new China-linked threat group, Chimera.
• In the spring of 2020, a CyCraft incident response (IR) investigation into a government agency breach uncovered Waterbear malware — malware designed and distributed by the China-linked threat group BlackTech.
• In April 2020, CyCraft observed a China-linked threat group use ransomware as a smokescreen for a targeted attack on the CPC Corporation — the largest gasoline supplier in Taiwan. The ransomware was a smokescreen for the attackers’ real objective.
• Out of the 47 Representative AI Startups listed in Gartner’s AI Market Guide, 7 are based in Taiwan, and 5 are based in Hong Kong. But only 1 of the 47 Representative AI Startups focused on cybersecurity products and services — CyCraft.
• Our CyCraft AIR security platform achieved a 96.15% Signal-to-Noise Ratio with zero configuration changes and zero delayed detections straight out of the box.
• Learn more about cybersecurity in our CyCraft Classroom Series. Our latest article, “What is Managed Detection and Response (MDR)?” teaches the benefits of MDR, its unique selling points, and how to make better-informed decisions when choosing an MDR service or vendor.