Hackers Enlisted Tesla’s Public Cloud to Mine Cryptocurrency

Published in Crypto Trends, Feb 26, 2018

Author: Lily Hay Newman / Source: WIRED

Tesla joins the ever-growing list of companies targeted by cryptojacking hackers.

Cryptojacking only really coalesced as a class of attack about six months ago, but already the approach has evolved and matured into a ubiquitous threat. Hacks that co-opt computing power for illicit cryptocurrency mining now target a diverse array of victims, from individual consumers to massive institutions — even industrial control systems. But the latest victim isn’t some faceless internet denizen or a Starbucks in Buenos Aires. It’s Tesla.

Researchers at the cloud monitoring and defense firm Red Lock published findings on Tuesday that some of Tesla’s Amazon Web Services cloud infrastructure was running mining malware in a far-reaching and well-hidden cryptojacking campaign. The researchers disclosed the infection to Tesla last month, and the company quickly moved to decontaminate and lock down its cloud platform within a day. The carmaker’s initial investigation indicates that data exposure was minimal, but the incident underscores the ways in which cryptojacking can pose a broad security threat — in addition to racking up a huge electric bill.

Red Lock discovered the intrusion while scanning the public internet for misconfigured and unsecured cloud servers, a practice that more and more defenders depend on as exposures from database misconfigurations skyrocket.

“We got alerted that this is an open server and when we investigated it further that’s when we saw that it was actually running a Kubernetes, which was doing cryptomining,” says Gaurav Kumar, chief technology officer of Red Lock, referring to the popular open-source administrative console for cloud application management. “And then we found that, oh, it actually belongs to Tesla.” You know, casual.

The attackers had apparently discovered that this particular Kubernetes console — an administrative portal for cloud application management — wasn’t password protected and could therefore be accessed by anyone. From there they would have found, as the Red Lock researchers did, that one of the console’s “pods,” or storage containers, included login credentials for a broader Tesla Amazon Web Services cloud environment. This allowed them to burrow deeper, deploying scripts to establish their cryptojacking operation,…
