According to the tech security firm RedLock, hackers infiltrated Tesla’s cloud environment and stole computing power to mine cryptocurrencies. A report was released giving details on cloud security threats. RedLock’s Cloud Security Intelligence team notified Tesla about the crypto-jacking and the vulnerability of the network.
The electric vehicle company had fallen victim to a crypto-jacking mining malware attack. RedLock warned that crypto-jacking will become one of the biggest security concerns for enterprise computing worldwide. They said that the landscape is shifting from data theft to computational power theft. They described this as the “Crypto-jacking Epidemic” and said that it will have far-reaching consequences for enterprise computing.
How did this happen
The hackers exploited an insecure Kubernetes console and used it to access computer processing power from Tesla’s cloud environment. We have written many times about sites using your CPU and GPU to mine cryptocurrencies. There are many cases of “crypto-jacking”, and you can read about this type of malware attack in this quick article.
The team said that it discovered and reported the vulnerability to Tesla several months ago. A Tesla spokesperson said that the breach didn’t impact customer privacy or the security of Tesla’s vehicles:
“The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
Tesla was reportedly running one of hundreds of open-source systems that the Cloud Security Intelligence team found accessible online without being protected by a password. This exposure allowed hackers to access Tesla’s cloud environment on Amazon.
The hackers gained access to Tesla’s AWS environment by entering the Kubernetes container that had no password. They used it to mine cryptocurrencies and disguised the activity well. Unlike previous crypto mining attacks, the hackers didn’t use a known mining pool, which made the suspicious activity harder to detect.
Instead, they installed their own mining pool software that connected the script to an unlisted semi-public endpoint. RedLock also reported that they kept their CPU usage low during the hack and hid the mining pool’s IP address behind the free content delivery network CloudFlare. This allowed them to hide the IP address of the mining pool server, making it hard to find.
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it.”
It’s not the first and won’t be the last time.
RedLock’s CSI team exposed the same hack of AWS for Bitcoin mining at the companies Gemalto and Aviva in October 2017. These companies didn’t have passwords for their consoles either. RedLock’s CTO Gaurav Kumar said that public cloud environments are particularly vulnerable to mining hacks. He said:
“Public cloud environments are ideal targets due to the lack of effective cloud threat defense programs. In the past few months alone, we have uncovered a number of crypto-jacking incidents including the one affecting Tesla.”
Such cases have been on the rise with the increase in cryptocurrency value. RedLock’s blog post, titled “Lessons from the Crypto-jacking Attack at Tesla”, ended with recommendations for companies to prevent such cases of crypto-jacking in the future. RedLock advises firms to monitor configurations, suspicious user behavior and network traffic.
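An added example (not from RedLock's report or this article) of the network-traffic monitoring recommended above: a known-pool blocklist combined with a CPU threshold misses a low-CPU miner that reaches its own pool through a CDN, while an egress allowlist with session-duration tracking flags it. The flow records, host names, record layout and thresholds are constructed assumptions.

```python
from collections import defaultdict

# All values below are constructed for illustration (assumptions, not real data).
KNOWN_POOLS = {"pool.example-miner.test"}            # sample blocklist entry
EGRESS_ALLOWLIST = {"s3.amazonaws.com", "registry.internal.test"}
CPU_ALERT = 0.80              # assumed CPU utilisation alert threshold
MIN_SESSION_SECONDS = 3600    # assumed: an hour of cumulative connection time

# (workload, destination host, port, session seconds, average CPU fraction)
FLOWS = [
    ("web-frontend", "s3.amazonaws.com", 443, 40, 0.35),
    ("ci-runner", "registry.internal.test", 443, 120, 0.90),
    # Low CPU, destination fronted by a CDN: the pattern the article describes.
    ("dashboard-pod", "cdn-fronted.example.test", 443, 43200, 0.20),
    ("dashboard-pod", "cdn-fronted.example.test", 443, 43200, 0.22),
    ("batch-job", "pool.example-miner.test", 3333, 7200, 0.95),
]

def naive_alerts(flows):
    """Blocklist or high-CPU rule: noisy, and blind to the quiet miner."""
    return sorted({workload for workload, host, _port, _secs, cpu in flows
                   if host in KNOWN_POOLS or cpu >= CPU_ALERT})

def egress_alerts(flows):
    """Flag long cumulative sessions to destinations outside the allowlist."""
    total = defaultdict(int)
    for workload, host, port, seconds, _cpu in flows:
        if host not in EGRESS_ALLOWLIST:
            total[(workload, host, port)] += seconds
    return sorted(key for key, secs in total.items()
                  if secs >= MIN_SESSION_SECONDS)

if __name__ == "__main__":
    print("naive rule :", naive_alerts(FLOWS))
    for workload, host, port in egress_alerts(FLOWS):
        print(f"egress rule: {workload} -> {host}:{port}")
```

The naive rule reports the busy but legitimate ci-runner and never sees dashboard-pod; the egress rule reports dashboard-pod and batch-job only.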