
Hackers cryptojack Tesla after it leaves AWS account unsecured

The rise in popularity of cryptocurrency, alongside its tendency to approach extremely high values, has prompted an increase in hacker-based crimes. Just last week, over 4,000 UK government websites were breached in order to force them into mining cryptocurrency, and now it seems Tesla is the latest victim, as its cloud system has been hijacked to do the very same thing.

Cybersecurity firm RedLock was led to an unsecured Kubernetes container console belonging to Tesla while searching for the owner of an Amazon Web Services (AWS) account that had been left open to the public. Kubernetes is designed by Google to optimise cloud applications and, when left without password protection, can give access to sensitive information as well as control of services.

“In Tesla's case, the cyber thieves gained access to Tesla's Kubernetes administrative console, which exposed access credentials to Tesla's AWS environment,” states RedLock. “Those credentials provided unfettered access to non-public Tesla information stored in Amazon Simple Storage Service (S3) buckets.”

It turns out that peeking at sensitive information wasn’t the attacker’s endgame, however, as it was later discovered that the access had been used to harness the cloud service’s compute power to mine cryptocurrency, essentially profiting at the original user’s expense.

All of this went under Tesla’s radar because the attacker installed their own mining pool software rather than using public mining pools, and redirected the script to mask the IP of the endpoint, so threat detection systems were not alerted.

Fortunately, the hole has now been plugged and Elon Musk’s company is now in full control of its own compute power, not to mention sensitive data.

RedLock's CTO Gaurav Kumar adds one final message for all savvy internet users: “security is a shared responsibility: Organisations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough.”

KitGuru Says: It isn’t the least bit surprising that cryptocurrency would prompt such a response from the more malicious out there, considering it is simply digital money. The good thing is, it seems that the greater community outweighs those malevolent few, and every user’s security is that little bit stronger for it.
