While founder and CEO Elon Musk’s unpredictable management of Twitter has forced Tesla stock into a sharp decline, the carmaker’s models remained popular through most of 2022, according to Cox Automotive’s Kelley Blue Book.

For the first nine months of 2022, it was reported that four of the top six best-selling electric cars were Teslas. At the top of the rankings were the Tesla Model Y, with 191,451 units sold, and the Model 3, with 156,357 units. The Ford Mustang Mach-E stood third with 28,089 units.

“With all the negative headlines surrounding Tesla and its increasingly controversial CEO Elon Musk in recent weeks, it’s easy to forget that the company’s cars are still very popular,” data journalist Felix Richter wrote Tuesday on Statista.

“While it is too early to say whether Musk’s Twitter acquisition and the unrest that accompanied it will have a significant negative impact on demand for Tesla’s cars,” he continued, “its current position as the maker of the most popular electric cars in the United States and evident in many parts of the world.”

Power of the First Mover

In the EV space, Tesla has been wildly popular, and it remains so, observed Brent Gruber, executive director of global automotive at JD Power, a consumer research, data and analytics firm based in Troy, Michigan.

Citing data from JDP’s December survey, Gruber said that four out of 10 buyers looking to buy a vehicle in the next 12 months who are “very” or “somewhat” likely to buy an EV are considering the Tesla brand. “It’s second only to Chevrolet,” Gruber told TechNewsWorld.

“However,” he continued, “the percentage of those potential EV shoppers who are considering Tesla has declined by five percentage points since November.”

Chris Jones, principal analyst at global market research company Canalys, said Tesla still benefits from being a first mover in the EV market.

“There was very little competition, and there still isn’t much competition,” Jones told TechNewsWorld.

“Tesla also had a status appeal that the Nissan Leaf, Chevy Volt, BMW i3 didn’t have at the time,” he added.

Another attractive feature for early customers, he continued, were over-the-air updates to Tesla’s software. “Now only some of its competitors can do that,” he said. “So Tesla was a decade ahead in software updates and the ability to make the vehicle better when it was out of date.”

Charging Advantage

Being a “pure play” electric car company that works at scale is another advantage Tesla has in the market, in addition to being the only EV maker with a charging network, said Rob Enderle, president and principal analyst at the Enderle Group, an advisory services firm in Bend, Ore.

“Other car companies are ramping up their electric vehicles, but they are facing supply problems due to the pandemic, war and other supply issues,” Enderle told TechNewsWorld.

This chart shows the best-selling electric cars in the US for the first nine months of 2022.

Chart credit: Statista

Tesla’s charging network is a key element of its offering, maintained Mike Ramsey, vice president and analyst for automotive and smart mobility at Gartner. “Their charging network is a fundamental differentiator between them and other brands selling electric vehicles,” he told TechNewsWorld.

Gruber said vehicle charging is one of Tesla’s notable advantages over its competitors. In JDP’s 2022 charging studies, Tesla received awards for highest satisfaction with Level 2 permanently attached home chargers, public Level 2 charging and DC fast charging.

In the public charging study, Gruber observed that the wide availability of the Tesla charging network, ease of use – especially with the payment/account process – and network reliability helped the network perform well.

Ease of use was also one of the standout metrics for Tesla in the home charging study, he said.

Bumpy Road Ahead

While 2022 has been a good year for Tesla sales, storm clouds may be on the horizon. “Musk’s Twitter escapades, coupled with his move to the political right, have alienated the typical left-leaning Tesla buyer, hurting sales and forcing rebates and other practices to move vehicles,” Enderle maintained.

“Our local Tesla dealer appears to be up to its neck in overstock due to slow sales, suggesting Tesla numbers may be in transition or overpriced,” he said.

“Since Tesla sells through their own stores, there is no third party verification of their sales numbers, and they have been going to promote rapidly declining valuations for some time now,” he explained.

“As FTX showed,” he continued, “oversight on corporations is almost non-existent, which calls into question much of what is reported by every public company, especially those under high stress like Tesla and Twitter.”

The competition is also heating up. “Buyers have an increasing selection of EVs to choose from,” Gruber said.

“The number of products coming from OEMs is growing rapidly,” he continued. “Those products now fill vacancies in popular segments and brands with high loyalty rates, such as the Ford F-150 Lightning and Toyota bZ4X.”

“Competition is increasing, and we’re seeing it in our data,” he said.

Musk Chakra

Ramsey agreed that competition will be a future challenge for Tesla. “They showed the way for startups like Rivian and Lucid,” he said. “Those guys are going to get stronger and stronger.”

“Meanwhile, traditional car companies are adding more and more electric vehicles to their lineups that are going to be a lot more affordable than Tesla,” he observed.

“New competitors like Lucid and Rivian are causing Tesla pain,” Enderle said. Anecdotally, he noted that two of his neighbors now have Rivians, and one who owns a Tesla is considering a Rivian.

“Plus,” he continued, “better electric vehicle solutions from various carmakers will put more pressure on the company, but the firm’s biggest problem is Musk, and fixing him has proven problematic.”

“They forced Tesla to provide incentives to sell cars, resulting in a massive drop in Tesla’s valuation and Musk’s net worth,” he added. “It has also increased the number of potential Tesla buyers considering alternatives.”

Ramsey pointed out, however, that Tesla’s CEO has long been a mix for the company. “Since the company’s inception, Elon Musk has been key to Tesla’s success and the source of some of its problems,” he said. “He’s gone through periods where he’s had more losses than gains, but it goes in cycles.”

As if defenders of the software supply chain didn’t have enough attack vectors to worry about, they now have a new one: machine learning models.

ML models are at the heart of technologies such as facial recognition and chatbots. Like open-source software repositories, models are often downloaded and shared by developers and data scientists, so a compromised model can have effects on multiple organizations at once.

Researchers from machine learning security company HiddenLayer revealed in a blog post on Tuesday how an attacker could use a popular ML model to deploy ransomware.

The method described by the researchers is similar to how hackers use steganography to hide malicious payloads in images. In the case of ML models, the malicious code is hidden in the model’s data.

According to the researchers, the steganography process is quite general and can be implemented on most ML libraries. They added that the process need not be limited to embedding malicious code in models and can also be used to extract data from an organization.

machine learning model hijacking

Image Courtesy of HiddenLayer

Attacks can also be operating system agnostic. The researchers pointed out that OS and architecture-specific payloads can be embedded in the model, where they can be loaded dynamically at runtime depending on the platform.

Flying Under the Radar

Tom Bonner, senior director of adversarial threat research at Austin, Texas-based HiddenLayer, said that embedding malware in ML models provides some advantage to an adversary.

“It allows them to fly under the radar,” Bonner told TechNewsWorld. “This is not a technology that is detected by current antivirus or EDR software.”

“It also opens up new targets for them,” he said. “It’s a direct route into data scientist systems. It’s possible to dump machine learning models hosted on public repositories. Data scientists will pull it down and load it, then it’s patched.”

“These models are also downloaded to various machine-learning ops platforms, which can be very scary because they can have access to Amazon S3 buckets and steal training data,” he continued.

“Most of [the] machines running machine-learning models tend to have bigger, fatter GPUs, so bitcoin miners can be very effective on those systems as well,” he said.

HiddenLayer demonstrated how its hijacked pre-trained ResNet model executed a ransomware sample the moment it was loaded into memory by PyTorch on its test machine.
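A defensive check for the load-time execution described above, as an added example that is not from the article or from HiddenLayer: PyTorch's default model serialization is Python pickle, and unpickling can import and call arbitrary functions, so this scanner lists every import a pickle stream would perform without loading it. The allowlist and the sample pickles are constructed for illustration; a real allowlist would also name the tensor-rebuild helpers the framework itself uses.

```python
import collections
import pickle
import pickletools
import platform

# Assumed allowlist for this example: imports a plain weights dict needs.
ALLOWED = {("collections", "OrderedDict")}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan_pickle(data: bytes) -> dict:
    """List imports and count call opcodes without ever unpickling."""
    imports, calls = [], 0
    top, memo = [None, None], {}   # string-or-None per push; memo of strings
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name == "MEMOIZE":
            memo[len(memo)] = top[-1]
        elif name in PUT_OPS:
            memo[arg] = top[-1]
        elif name != "FRAME":
            if name in ("GLOBAL", "INST"):      # protocols 0-3: "module name"
                imports.append(tuple(arg.split(" ", 1)))
            elif name == "STACK_GLOBAL":        # protocol 4+: two stack strings
                imports.append((top[-2], top[-1]))
            if name in CALL_OPS:
                calls += 1
            top.append(arg if name in STRING_OPS
                       else memo.get(arg) if name in GET_OPS else None)
    # Anything not allowlisted (including unresolved names) is flagged.
    flagged = sorted({i for i in imports if i not in ALLOWED}, key=str)
    return {"imports": imports, "flagged": flagged, "calls": calls}


# Constructed samples: a clean weights dict, and one carrying a reference to
# a harmless standard-library function standing in for an unexpected import.
CLEAN = pickle.dumps(collections.OrderedDict(w=[0.1, 0.2]), protocol=4)
ODD_V4 = pickle.dumps({"w": [0.1], "hook": platform.system}, protocol=4)
ODD_V2 = pickle.dumps({"w": [0.1], "hook": platform.system}, protocol=2)

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("v4", ODD_V4), ("v2", ODD_V2)]:
        print(label, scan_pickle(blob))
```

The clean sample still contains a call opcode, because rebuilding an ordered dict is itself a call, which is why the check keys on what is imported rather than on whether anything is called.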

First Mover Advantage

Attackers often like to exploit unanticipated vulnerabilities in new technologies, said Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.

“Attackers looking for first-mover advantage in these frontiers can enjoy both less preparation and proactive protection by exploiting new technologies,” Clements told TechNewsWorld.

“This attack on machine-language models looks like it could be the next phase of the cat-and-mouse game between attackers and defenders,” he said.

Threat actors will take advantage of whatever vectors they can to carry out their attacks, explained Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation in Tel Aviv, Israel.

“It’s an unusual vector that can outperform some common tools if done carefully,” Parkin told TechNewsWorld.

Traditional anti-malware and endpoint detection and response solutions are designed to detect ransomware based on pattern-based behaviors, including virus signatures and monitoring key API, file, and registry requests on Windows for potential malicious activity, explained Morey Haber, chief security officer at BeyondTrust, a developer of privileged account management and vulnerability management solutions in Carlsbad, California.

“If machine learning is applied to the delivery of malware such as ransomware, traditional attack vectors and even detection methods can be changed to appear non-malicious,” Haber told TechNewsWorld.

Potential for Extensive Damage

Attacks on machine learning models are on the rise, said Karen Crowley, director of product solutions at Deep Instinct, a deep-learning cybersecurity company in New York City.

“It’s not critical yet, but widespread damage is likely,” Crowley told TechNewsWorld.

“In the supply chain, if the data is poisoned so that when the model is trained, the system is also poisoned, then that model can make decisions that reduce rather than strengthen protection,” she explained.

“In the cases of Log4j and SolarWinds, we saw an impact not only on the organization that has the software, but all of its users in that chain,” she said. “Once ML is introduced, the damage can add up quickly.”

Casey Ellis, CTO and founder of BugCrowd, which operates a crowdsourced bug bounty platform, said attacks on ML models could be part of a larger trend of attacks on software supply chains.

Ellis told TechNewsWorld, “Just as adversaries can attempt to compromise the supply chain of software applications to insert malicious code or vulnerabilities, they can also compromise the supply chain of machine learning models to insert malicious or biased data or algorithms.”

“This can have a significant impact on the reliability and integrity of AI systems and can be used to undermine trust in the technology,” he said.

Publam for Script Kiddies

Threat actors may show increased interest in machine learning models because they are more vulnerable than people thought.

“People have known this was possible for a while, but they didn’t realize how easy it was,” Bonner said. “It’s fairly trivial to put together an attack with a few simple scripts.”

He added, “Now that people have realized how easy it is, this script is in the realm of children.”

Clements agreed that the researchers have shown that it does not require hardcore ML/AI data science expertise to insert malicious commands into training data that can then be triggered by ML models at runtime.

However, he continued, more sophistication is required than run-of-the-mill ransomware attacks that rely primarily on simple credential stuffing or phishing to launch.

“Right now, I think the popularity of the specific attack vector is likely to subside for the foreseeable future,” he said.

“Exploiting this requires an attacker compromising the upstream ML model project used by downstream developers to download pre-trained ML models to the victim, with embedded malicious commands from an unauthenticated source,” he explained.

“In each of these scenarios,” he continued, “it appears that there would be much easier and more straightforward ways to compromise the target than simply inserting entangled exploits into the training data.”