Tesla's Cloud Was Hacked for Mining Cryptocurrency

Angelica Greene
February 22, 2018

The cybersecurity firm said in a report released Monday that it estimates 58 percent of organizations that use public cloud services, such as AWS, Microsoft Azure, or Google Cloud, have publicly exposed "at least one cloud storage service".

Since then, a number of other cryptojacking incidents have been uncovered and there are notable differences in the attacks.

"A tool called Mimikatz is used to pull credentials from a computer's memory to infect other computers on the network." From new regulations for virtual currency to stealth malware hijacking smartphones and computers for crypto-mining, cryptocurrencies such as Bitcoin, Ripple and Ethereum have seen a fair share of interest around the globe.

Nikola Tesla, best known for his contributions to the design of the modern alternating current (AC) electricity supply system, aptly suggested: everything evolves over a period of time.

Security experts point out that the hackers managed to evade immediate detection by concealing their footprints behind an IP address hosted by the well-known security firm Cloudflare.

It turns out that peeking at sensitive information wasn't the attacker's endgame, however, as it was later discovered that the access had been used to utilise the cloud service's compute power to mine cryptocurrency, essentially profiting at the original user's expense. In this case the hackers not only gained unauthorized access to non-public Tesla data, but were also stealing compute resources within Tesla's Amazon Web Services (AWS) environment for cryptojacking. It appears that individual information was not accessed, but the CEO of RedLock, Varun Badhwar, says that they "didn't try to dig in too much" and instead alerted the auto company. Publicly readable and publicly writeable S3 servers might be taken over and further used for ransomware attacks or cryptocurrency mining. Instead, they installed their own mining pool software and connected the malicious script to an endpoint. That makes it harder for standard IP/domain-based threat intelligence feeds to detect malicious activity. Finally, the CSI team noted that Tesla's Kubernetes console showed the cloud servers' CPU usage "was not very high", indicating the threat actors intentionally kept usage low so as to not raise suspicion.

The security firm reported the January 30 hack to Tesla, which corrected the issue within hours.

Tesla is reassuring customers that a recent cryptojacking has not compromised vehicle safety or customer privacy, despite the hack affecting the company's cloud databases. The research reveals that 8% of organizations suffer from this strain of criminality, which mostly goes unnoticed because of ineffective network monitoring. "It is tough to speculate why these instances were not password protected, but it is likely due to simple user error and lack of configuration monitoring by security teams". The situation is similar to last year's exposures, in which the companies involved also did not have passwords on their admin consoles. The EV firm says no important data was compromised.
