Researchers at cloud monitoring and defense firm RedLock detected that Tesla’s cloud environment had been infected with cryptocurrency mining malware. The attackers were able to break into Tesla’s Amazon Web Services cloud infrastructure because a Kubernetes administration console had been left exposed to the internet without authentication.
In simple terms, the attackers found AWS credentials that had been left poorly protected inside Kubernetes, an open-source container orchestration system originally designed at Google that schedules and manages application containers across a cluster of cloud machines.
RedLock researchers report:
“The hackers had infiltrated Tesla’s Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.”
The Discovery and Point of Entry
The rise in cryptocurrency prices over the last several years has led many attackers to break into systems in order to mine digital assets on someone else’s hardware. Small businesses are not the only targets; major companies can be affected too, posing a broader security threat. Tesla has just found this out the hard way.
RedLock discovered the breach while routinely scanning for unsecured cloud servers. Like the attackers, the researchers came across the unprotected Kubernetes console, which led them to a pod that held AWS login credentials. Those credentials are what allowed the attackers to deploy mining scripts into Tesla’s Amazon Web Services cloud infrastructure.
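To make the credential exposure concrete, here is an added example, not RedLock’s or Tesla’s code: a Python script that walks the JSON that `kubectl get pods --all-namespaces -o json` returns and flags AWS credentials sitting in pod specs as plain literals, which is exactly what an unauthenticated dashboard or a borrowed `get pods` permission hands an attacker. The namespaces, pod names and the dummy AWS key pair in the sample are constructed (the key pair is the one AWS uses in its own documentation).

```python
"""Flag AWS credentials sitting as plain literals in Kubernetes pod specs.

Added example, not code from RedLock or Tesla. Input has the shape of
`kubectl get pods --all-namespaces -o json`; SAMPLE_PODS is constructed and
uses AWS's documented dummy key pair, so nothing here is a real credential.
"""
import json
import re

# Long-term (AKIA) and temporary (ASIA) access key IDs: 4-char prefix + 16 chars.
AWS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Variable names the AWS SDKs read credentials from.
CREDENTIAL_ENV = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}


def find_exposed_aws_creds(pod_list):
    """Return one finding dict per risky env var across all containers.

    HIGH: a credential literal is in the pod spec itself, readable by anyone
          who can `kubectl get pod`, open the dashboard, or read etcd.
    INFO: a credential-named variable is filled from a Secret (valueFrom);
          not a leak by itself, but the Secret's RBAC deserves a look.
    """
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        where = {"namespace": meta.get("namespace", "default"), "pod": meta.get("name", "?")}
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            for env in c.get("env", []):
                name, value = env.get("name", ""), env.get("value")
                if value is None:
                    if name in CREDENTIAL_ENV and "valueFrom" in env:
                        findings.append({**where, "container": c["name"], "env": name,
                                         "severity": "INFO",
                                         "reason": "credential read from a Secret/ConfigMap reference"})
                    continue
                if AWS_KEY_ID_RE.search(value):
                    severity, reason = "HIGH", "literal AWS access key ID"
                elif name in CREDENTIAL_ENV:
                    severity, reason = "HIGH", "literal value in credential-named variable"
                else:
                    continue
                findings.append({**where, "container": c["name"], "env": name,
                                 "severity": severity, "reason": reason})
    return findings


SAMPLE_PODS = {  # constructed; mirrors the `kubectl get pods -A -o json` structure
    "items": [
        {"metadata": {"namespace": "telemetry", "name": "ingest-7d9f"},
         "spec": {"containers": [{"name": "ingest", "image": "example/ingest:1.0", "env": [
             {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
             {"name": "AWS_SECRET_ACCESS_KEY", "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
             {"name": "S3_BUCKET", "value": "telemetry-raw"}]}]}},
        {"metadata": {"namespace": "web", "name": "frontend-1"},
         "spec": {"containers": [{"name": "app", "image": "example/app:2.3", "env": [
             {"name": "AWS_ACCESS_KEY_ID",
              "valueFrom": {"secretKeyRef": {"name": "s3-creds", "key": "id"}}},
             {"name": "LOG_LEVEL", "value": "info"}]}]}},
    ]
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. kubectl get pods -A -o json > pods.json
        with open(sys.argv[1]) as fh:
            pods = json.load(fh)
    else:
        pods = SAMPLE_PODS
    for f in find_exposed_aws_creds(pods):
        print(f"[{f['severity']}] {f['namespace']}/{f['pod']} {f['container']} "
              f"env {f['env']}: {f['reason']}")
```

Literal keys in a pod spec are visible to anyone who can read the pod object, and an unauthenticated dashboard reads pod objects. The fix is to keep static AWS keys out of the cluster altogether: bind the pod’s service account to an IAM role so credentials are issued to the workload at runtime, or failing that mount them from a Kubernetes Secret whose RBAC limits who can read it, and require authentication on the dashboard itself.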
The mining operation used Stratum, the JSON-based protocol that mining software uses to fetch work from and submit results to a mining pool.
The mining script was well hidden. Its traffic went to an endpoint sitting behind a Cloudflare-hosted IP address, so the true address of the mining server never appeared on the wire and IP- or domain-based threat feeds had nothing to match. The attackers also kept the miner’s CPU consumption low, so the load spike that usually gives cryptojacking away never occurred.
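Because a mining pool can be reached on any port and fronted by any IP, a feed of known pool addresses is not enough on its own. The following added example, which is not part of RedLock’s report or Tesla’s tooling, shows protocol-level detection instead: it parses captured TCP payloads as Stratum JSON-RPC and alerts on the method names that the Bitcoin-style and Monero-style dialects use, regardless of destination port. The flows, the addresses (RFC 5737 documentation ranges) and the wallet string are constructed for the demonstration.

```python
"""Port-agnostic detection of Stratum mining traffic in captured TCP payloads.

Added example, not RedLock's or Tesla's detection logic. Stratum is
newline-delimited JSON-RPC, so a few method names identify it whatever port
or fronting IP the pool hides behind. SAMPLE_FLOWS is constructed: the
addresses are RFC 5737 documentation ranges and the wallet string is fake.
"""
import json

# Stratum v1 (Bitcoin-derived pools) uses namespaced method names.
STRATUM_V1_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "mining.extranonce.subscribe", "mining.notify", "mining.set_difficulty",
}


def parse_stratum_line(line):
    """Return (dialect, method, wallet_or_None) for a Stratum message, else None."""
    try:
        msg = json.loads(line)
    except ValueError:
        return None
    if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
        return None
    method, params = msg["method"], msg.get("params")
    if method in STRATUM_V1_METHODS:
        # mining.authorize carries the worker name (often wallet.worker) first.
        wallet = None
        if method == "mining.authorize" and isinstance(params, list) and params:
            wallet = params[0]
        return ("stratum-v1", method, wallet)
    # The CryptoNote/Monero dialect (XMRig and friends) reuses generic names, so
    # check the parameter shape rather than the name alone: an application's
    # own JSON-RPC "login" must not trip the detector.
    if isinstance(params, dict):
        if method == "login" and all(k in params for k in ("login", "pass")):
            return ("cryptonote", method, params["login"])
        if method in ("submit", "getjob", "keepalived") and "id" in params:
            return ("cryptonote", method, None)
        if method == "job" and all(k in params for k in ("blob", "job_id", "target")):
            return ("cryptonote", method, None)
    return None


def scan_payloads(flows):
    """Emit one alert per Stratum message found in each flow's payload bytes."""
    alerts = []
    for flow in flows:
        for raw in flow["payload"].split(b"\n"):
            raw = raw.strip()
            if not raw:
                continue
            try:
                line = raw.decode("utf-8")
            except UnicodeDecodeError:
                continue
            hit = parse_stratum_line(line)
            if hit:
                dialect, method, wallet = hit
                alerts.append({"src": flow["src"], "dst": flow["dst"], "dport": flow["dport"],
                               "dialect": dialect, "method": method, "wallet": wallet})
    return alerts


FAKE_WALLET = "4FakeMoneroWalletForTheExampleOnly"  # constructed, not a real address

SAMPLE_FLOWS = [  # constructed captures, one record per TCP segment
    {"src": "10.0.3.17", "dst": "203.0.113.44", "dport": 443,  # pool on a non-standard port
     "payload": (b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"'
                 + FAKE_WALLET.encode() + b'","pass":"x","agent":"XMRig/2.4.4"}}\n')},
    {"src": "10.0.3.17", "dst": "203.0.113.44", "dport": 443,
     "payload": b'{"id":2,"jsonrpc":"2.0","method":"submit","params":{"id":"s1",'
                b'"job_id":"7","nonce":"a1b2c3d4","result":"00000000deadbeef"}}\n'},
    {"src": "10.0.5.2", "dst": "198.51.100.9", "dport": 3333,
     "payload": b'{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5.0"]}\n'
                b'{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n'},
    # Benign: an app's own JSON-RPC "login" (wrong parameter shape) and plain HTTP.
    {"src": "10.0.7.8", "dst": "10.0.0.5", "dport": 8080,
     "payload": b'{"jsonrpc":"2.0","method":"login","params":{"username":"alice",'
                b'"password":"hunter2"},"id":9}\n'},
    {"src": "10.0.7.8", "dst": "10.0.0.5", "dport": 80,
     "payload": b"GET /healthz HTTP/1.1\r\nHost: 10.0.0.5\r\n\r\n"},
]

if __name__ == "__main__":
    for a in scan_payloads(SAMPLE_FLOWS):
        extra = f" wallet={a['wallet']}" if a["wallet"] else ""
        print(f"{a['src']} -> {a['dst']}:{a['dport']} {a['dialect']} {a['method']}{extra}")
```

This only sees cleartext, so it has to run where the miner’s traffic is still unencrypted (a host-level or sidecar capture in the pod’s network namespace, or an egress proxy that terminates TLS). When the pool is wrapped in TLS, pair it with the behavioural signals the attackers tried to suppress: a long-lived outbound connection from a pod that should not need one, and CPU that stays steadily busy yet below the alerting threshold.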
Tesla: Customer Data Not Affected
RedLock did not specify which coin was mined or how much was earned. Monero (XMR), however, is the coin most commonly mined by cryptojacking scripts, because its proof-of-work algorithm is designed to be mined efficiently on ordinary CPUs.
RedLock reported its findings to Tesla through the carmaker’s bug bounty program, and Tesla had the affected systems cleaned up within a day. The carmaker stated that neither customer data nor vehicle data were compromised. Tesla paid RedLock a bounty of about $3,000, which RedLock donated to charity.
In an email statement, a Tesla representative wrote:
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
RedLock has found similar illicit mining operations running through unprotected Kubernetes administration consoles at other companies, among them Gemalto, the world’s largest SIM card manufacturer, and Aviva, a London-based multinational insurance company.