Tesla’s Servers Hit by Cryptocurrency Mining Attack; Poor Security to Blame

Tesla’s Cloud Hit by Cryptocurrency Mining Attack, Poor Security Measures to Blame

It appears that ransomware attacks are soon going to become obsolete, as cryptojacking is becoming the new favorite tool for hackers. After infecting thousands of government websites in the US and UK with cryptocurrency mining malware, hackers have now targeted Tesla’s cloud infrastructure to pocket some cryptocurrency fortune.

Cloud security firm RedLock found that Tesla’s AWS (Amazon Web Services) public cloud environment was exposed without any form of security and had been exploited by hackers to mine cryptocurrency for an unspecified duration.


RedLock’s CSI (Cloud Security Intelligence) team discovered that Kubernetes administration consoles belonging to Tesla in the AWS cloud ecosystem were left exposed without any password, leaving sensitive data such as telemetry reports and vehicle and mapping data accessible to anyone. “We got alerted that this is an open server and when we investigated it further that’s when we saw that it was actually running a Kubernetes, which was doing cryptomining. And then we found that, oh, it actually belongs to Tesla,” noted RedLock CTO Gaurav Kumar.

The hackers reportedly mined cryptocurrency by injecting a malicious script into the exposed Kubernetes pods containing Tesla’s data cache. Moreover, the hackers took evasive measures such as connecting the cryptojacking script to an unlisted endpoint, hiding the true IP address, and keeping the CPU usage to a minimal level in order to avoid detection. Tesla fixed the security vulnerability as soon as RedLock notified the company about the crypto-mining incident.

When asked about the extent of the attack and whether it led to sensitive data being stolen, a Tesla spokesperson responded, “We addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”

Even though user data was not stolen, the incident still puts a huge question mark over the security of cloud services and the measures that must be taken to prevent such attacks. “Given the immaturity of cloud security programs today, we anticipate this type of cybercrime to increase in scale and velocity,” added RedLock’s security chief.

VIA CoinDesk
SOURCE RedLock