Tesla's Cloud Was Hacked for Mining Cryptocurrency

Angelica Greene
February 22, 2018

The cybersecurity firm said in a report released Monday that it estimates 58 percent of organizations that use public cloud services, such as AWS, Microsoft Azure, or Google Cloud, have publicly exposed "at least one cloud storage service".

Since then, a number of other cryptojacking incidents have been uncovered and there are notable differences in the attacks.

"A tool called Mimikatz is used to pull credentials from a computer's memory to infect other computers on the network". From new regulations for virtual currency to stealth malware hacking smartphones and computers for crypto-mining, cryptocurrencies like BitCoin, Ripple, Ethereum, have seen a fair share of interest around the globe.

Nikola Tesla, best known for his contributions to the design of the modern alternating current (AC) electricity supply system, aptly suggested: everything evolves over a period of time.

Smash Bros. For The Nintendo Switch Could Be Released This Year
In a follow up, Sellars also wrote that Epic Games is developing their game Fortnite to come to Nintendo Switch. They ported DOOM to Switch as well as Rocket League , two of the most highly regarded ports on the system.

Qualcomm Unveils Reference Design For VR Headset Powered by Snapdragon 845
Recognising this, they've launched over 20 XR devices between standalone HMDs and XR-capable smartphones with customers. These features are now set to include "foveated rendering" (VR eye tracking) and support for room-scale VR experiences.

Husband charged with death of Delray mom who vanished at sea
A review of the Coast Guard video and photographs of the capsized catamaran showed that a small portion of each hull was breached. An expert later said the vessel had been "intentionally scuttled" after two underwater escape hatches were opened.

Security experts point out to the fact that hackers managed to evade immediate detection by concealing the footprints by the IP address hosted by well-known security firm Cloudflare.

It turns out that peeking at sensitive information wasn't the attacker's endgame, however, as it was later discovered that the access had been used to utilise the cloud service's compute power to mine cryptocurrency, essentially profiting at the original user's expense. In this case the hackers not only gained unauthorized access to non-public Tesla data, but were alsostealing compute resources within Tesla's Amazon Web Services (AWS) environment for cryptojacking. It appears that individual information was not accessed, but the CEO of RedLock, Varun Badhwar, says that they "didn't try to dig in too much" and instead alerted the auto company. The publicly-readable and publicly-writeable S3 servers might be stolen and further used for ransomware attacks of cryptocurrency mining. Instead, they put their own mining pool software which connected the malicious script to an endpoint. That makes it harder for standard IP/domain-based threat intelligence feeds to detect malicious activity. Finally, the CSI team noted that Tesla's Kunernetes console showed the cloud servers' CPU usage "was not very high", indicating the threat actors intentionally kept usage low so as to not raise suspicion.

The security firm reported the January 30 hack to Tesla, which corrected the issue within hours.

Tesla is reassuring customers that a recent cryptojacking has not compromised vehicle safety of customer privacy, despite the hack affecting the company's cloud databases. The research reveals that 8% of organizations suffer from this strain of criminality, which mostly goes unnoticed because of ineffective network monitoring. "It is tough to speculate why these instances were not password protected, but it is likely due to simple user error and lack of configuration monitoring by security teams". The process is just similar because the companies in last years expose also did not have passwords for their admin consoles. The EV firm says no important data was compromised.

Other reports by GizPress

Discuss This Article