Tesla, an American company that specializes in electric vehicles, energy storage, and solar panel manufacturing, has become the latest victim of cryptojacking: the secret use of a computing device to mine cryptocurrency, e.g. Bitcoin and Monero. In this case, hackers managed to break into Tesla’s Amazon cloud account in order to mine digital currency. The intrusion was first detected by researchers at cybersecurity startup RedLock Cloud Security Intelligence last month. According to them, it is difficult to tell the exact number of affected companies and how much money hackers managed to obtain before being discovered, but there is no doubt that Tesla is not the first victim. Specialists say that enterprise networks and, especially, public cloud platforms are the main targets of cyber criminals because they have a huge amount of processing power that can be used for malicious purposes.
Researchers working at RedLock Cloud Security Intelligence discovered the breach that led them straight to Tesla while trying to find out which organization had left the credentials of an Amazon Web Services (AWS) account unprotected. It turned out that hackers first infiltrated the Kubernetes console, an administrative portal that makes managing cloud applications easier. It was not password-protected, so hackers managed to access it without any difficulty. One of the console’s storage containers (also known as “pods”) contained credentials that allowed them to access Tesla’s Amazon Web Services cloud environment. That environment contained an Amazon S3 bucket which held some sensitive information, including telemetry and vehicle servicing data. A Tesla spokesperson confirmed that the breach had not affected customer data: “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way”.
One of the “pods” that hackers managed to access was used to mine cryptocurrency, as the research confirmed. Surprisingly, the cyber criminals did not use any well-known software for mining digital currency. Instead, they installed their own software with a malicious script, which shows that attackers are becoming more and more sophisticated. They also took other measures to avoid getting caught. According to analysts, it is very likely that the mining software was configured not to use all CPU power in order to evade detection. In addition, the mining software communicated with the C&C server using an unusual port, and the true IP address of the mining server was hidden behind the CloudFlare service. Finally, SSL web encryption was used to hide the attack. As can be seen, the hackers used several tricks to hide their malicious activities, so it is not surprising that it took some time for specialists to detect the breach. If RedLock specialists had not detected the intrusion, the chances are high that the cyber criminals would have been able to mine cryptocurrency using the processing power of Tesla’s cloud platform for an indefinite period of time, because such malicious activities are hardly noticeable.
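The measures described above defeat a simple high-CPU alert and, with the server behind CloudFlare and the traffic encrypted, address and payload checks as well, so a detection has to combine weaker signals. The following is an added example, not code from RedLock or Tesla; the record fields, thresholds, port numbers and sample data are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Ports where long-lived outbound TLS is expected (assumption for this example).
EXPECTED_TLS_PORTS = {443, 8443}

def suspicious_pods(cpu_samples, flows, min_cpu=20.0, max_stdev=3.0, min_secs=3600):
    """Return pods showing BOTH signals: flat sustained CPU load and a
    long-lived TLS session to a port outside EXPECTED_TLS_PORTS."""
    steady = set()
    for pod, samples in cpu_samples.items():
        # A throttled miner stays far below 100% but barely fluctuates,
        # so test for low variance instead of a high peak.
        if (len(samples) >= 6 and mean(samples) >= min_cpu
                and pstdev(samples) <= max_stdev):
            steady.add(pod)
    odd_tls = {
        f["pod"] for f in flows
        if f["tls"] and f["dst_port"] not in EXPECTED_TLS_PORTS
        and f["duration_s"] >= min_secs
    }
    return sorted(steady & odd_tls)

# Constructed sample data, not taken from the incident.
# CPU utilisation (%) per pod, one sample every 5 minutes.
CPU = {
    "web-1":   [5, 60, 12, 85, 9, 40, 7, 70],     # bursty: ordinary service
    "batch-7": [38, 40, 39, 41, 40, 39, 40, 41],  # capped and flat
    "cache-2": [22, 23, 22, 24, 23, 22, 23, 22],  # flat, but normal traffic
}
# Outbound flow summaries per pod (hypothetical field names).
FLOWS = [
    {"pod": "web-1",   "dst_port": 443,  "tls": True, "duration_s": 12},
    {"pod": "web-1",   "dst_port": 8081, "tls": True, "duration_s": 30},
    {"pod": "batch-7", "dst_port": 9999, "tls": True, "duration_s": 86400},
    {"pod": "cache-2", "dst_port": 443,  "tls": True, "duration_s": 7200},
]

if __name__ == "__main__":
    print(suspicious_pods(CPU, FLOWS))
```

Neither signal is conclusive on its own: `cache-2` has flat CPU and `web-1` talks to an unexpected port, but only `batch-7` shows both, and its peak CPU would never trip an 80 percent alert.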
Even though the detailed report regarding the attack against Tesla’s cloud account was released some time ago, some questions are still left unanswered. For example, it is unknown what cryptocurrency was being mined. Hackers usually prefer Monero and Bitcoin as they allow them to stay anonymous, but it is unclear whether these are the cryptocurrencies they wanted to obtain in this case too. Not much is known about the mining software used in the attack either.
According to data obtained by RedLock, around 58 percent of all organizations use public cloud services today. Specialists say that 8 percent of those companies could have already become victims of cryptojacking. According to them, it is not very likely that hackers will stop performing these attacks anytime soon because of the rise of cryptocurrencies. Also, organizations still do not use effective programs to protect their cloud accounts, which is why it is quite easy for attackers to hack them and then do whatever they want with them.