A hacker group broke into a Tesla-admin Amazon cloud account and used it for cryptocurrency mining. The breach also exposed data belonging to the electric carmaker.
On Tuesday 20 Feb 2018, cloud security firm RedLock published its 2018 Cloud Security Trends report, which documents an unprotected Kubernetes console belonging to automaker Tesla. Separately, according to Sucuri researchers, an article on Wikipedia was edited to insert a third-party link that had been compromised to mine cryptocurrency.
Tesla’s AWS Account Hacked to Mine Cryptocurrency
Tesla’s AWS environment also contained sensitive data, including vehicle telemetry, which was exposed due to the theft of unsecured credentials.
The unknown hackers also used a number of techniques to evade detection. Rather than relying on widely used mining pools, for example, they installed mining pool software and instructed the mining script to connect to an unlisted endpoint.
Crypto mining script running in Tesla’s (Image credit: RedLock)
According to the security administrator, this method makes it more difficult for domain- and IP-based threat detection systems to detect such activity.
RedLock released a report on Monday saying it expects 55% of organizations that use public cloud services, such as AWS, Microsoft Azure, or Google Cloud, to have exposed “one cloud storage service” to the public. Eight percent have had cryptojacking incidents, according to RedLock.
Uber recently got into hot water with regulators for failing to promptly report a breach that exposed data for 57 million account holders. The hackers reportedly gained access to the data after acquiring keys to the ride-hailing firm’s Amazon cloud accounts, which Uber developers were said to have left open on the code-sharing website GitHub.
This post was updated to include a statement from Tesla and to correct a typo in the sum of its bounty award.
“The message from this research is loud and clear - the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities,” said Gaurav Kumar, CTO of RedLock. “Security is a shared responsibility: Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough.”
Update 15.46 GMT: A Tesla spokesperson told ZDNet:
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”