Tesla's Servers Hit by Cryptocurrency Mining Attack; Poor Security to Blame

Tesla's Cloud Hit by Cryptocurrency Mining Attack, Poor Security Measures to Blame

It appears that ransomware attacks are soon going to get obsolete, equally cryptojacking is condign the new favorite tool for hackers. After infecting thousands of government websites in the US and UK with cryptocurrency mining malware, hackers have at present targeted Tesla's cloud infrastructure to pocket some cryptocurrency fortune.

Discovered by a deject security firm named RedLock, Tesla'due south AWS (Amazon Web Services) public cloud environs was found exposed without any course of security, and was thus exploited by hackers to mine cryptocurrency for an unspecified elapsing.

Tesla's Servers Hit by Cryptocurrency Mining Attack; Poor Security to Blame — Epitome courtesy: Applauss

RedLock'south CSI (Cloud Security Intelligence) team discovered that Kubernetes administration consoles belonging to Tesla in the AWS cloud ecosystem were left exposed without any countersign, leaving sensitive information such equally telemetry reports, vehicle and mapping data, etc. accessible to anyone. "We got alerted that this is an open server and when we investigated information technology further that's when we saw that it was really running a Kubernetes, which was doing cryptomining. And and so we constitute that, oh, it really belongs to Tesla.", noted RedLock CTO Gaurav Kumar.

The hackers reportedly mined cryptocurrency by injecting malicious script in the exposed Kubernetes pods containing Tesla'south information cache. Moreover, the hackers implemented some evasive measures like connecting the cryptojacking script to an unlisted endpoint, hiding the true IP address and keeping the CPU usage to a minimal level in order to avert detection. Tesla fixed the security vulnerability as soon as RedLock notified the company almost the crypto-mining incident.

When asked about the extent of the attack and whether it led to sensitive data being stolen, a Tesla spokesperson responded,"We addressed this vulnerability inside hours of learning most it. The impact seems to exist limited to internally-used engineering examination cars only, and our initial investigation institute no indication that customer privacy or vehicle safety or security was compromised in any manner."

Even though user information was not stolen, it nevertheless puts a huge question mark over the security of cloud services and the measures that must exist taken to forestall such attacks."Given the immaturity of cloud security programs today, we anticipate this type of cybercrime to increase in scale and velocity.", added RedLock'southward security master.