The American company Tesla, the manufacturer of electric vehicles and power storage solutions, became a victim of hackers: after finding a vulnerability in Tesla's Amazon account, the attackers gained access to the company's cloud infrastructure and used its resources to mine cryptocurrency. The intrusion was discovered by the cybersecurity company RedLock. The hackers took advantage of a Kubernetes service that was reachable from the Internet without password protection and that contained the information needed to access Tesla's cloud storage in Amazon Web Services.
"A couple of the instances belonged to Aviva, a British multinational insurance company, and Gemalto, the world's largest manufacturer of SIM cards. Within these consoles, access credentials to these organizations' Amazon Web Services (AWS) and Microsoft Azure environments were exposed. Upon further investigation, the team determined that hackers had secretly infiltrated these organizations' public cloud environments and were using the compute instances to mine cryptocurrencies," RedLock said.
This eventually led RedLock to Tesla's account. The company notes that the attack on Tesla's cloud account was similar to the ones at Aviva and Gemalto, but with some notable differences.
"The hackers had infiltrated Tesla's Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla's AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry," RedLock says.
The hackers used one of the pods to mine cryptocurrency. To avoid detection, the hackers did not use any well-known public mining pools, and instead installed their own software with a malicious script to connect to an unlisted or semi-public endpoint. They also hid the true IP address of their custom mining pool server behind Cloudflare, a free content delivery network (CDN) service.
"We maintain a bug bounty program to encourage this type of research," a Tesla spokesperson told Fortune, adding that it began addressing the vulnerability "within hours of learning about it."
"The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way," the spokesperson said.
According to RedLock's data, around 58 percent of organizations use public cloud services. Of those, 8 percent have fallen prey to cryptojacking.
This has become a growing threat and probably will not disappear anytime soon. That is especially true with Bitcoin being on the rebound from its recent tumble. At the time of this writing, Bitcoin is trading at nearly $11,700, after dipping to below $7,000 earlier this month.