The world is dynamic and it changes rapidly. That has always been true, but look at how much has changed in the last ten years: the Internet of Things, virtual reality, cryptocurrencies. Nothing stands still, and neither do you. Like it or not, the digital world is the real world these days, and cryptocurrency is the most talked-about form of money, one that may push global finance toward a more technology-driven future. Mining cryptocurrency is often pitched as an easy way to make quick money, and it is even easier when someone else pays for the computing power. That is exactly what happened here: researchers at RedLock, a California-based cloud threat defense company, discovered that hackers had compromised Tesla's Amazon cloud environment to mine cryptocurrency. Let's take a look at what exactly happened.
A group of attackers got into Tesla's Amazon cloud environment and used its compute to mine digital currency. The same foothold also gave them access to some of the company's sensitive data, such as vehicle telemetry. According to the researchers, the attackers got in through the administration console of Tesla's Kubernetes deployment, which was not password protected. Kubernetes is an open-source system, originally written by Google, for deploying and managing containerized applications in the cloud. RedLock's researchers came across the incident while scanning for publicly exposed Amazon Web Services (AWS) servers; one of the exposed consoles turned out to belong to Tesla and was reachable from the internet with no password at all. The figure below shows the exposed credentials of Tesla's AWS environment.
According to RedLock's researchers: "The hackers had infiltrated Tesla's Kubernetes console which was not password protected. Within one Kubernetes pod (Kubernetes is an open-source system developed by Google and now maintained by the Cloud Native Computing Foundation), access credentials were exposed to Tesla's AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry."
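The credential exposure described above, as an added example that is not part of the original post and not RedLock's or Tesla's tooling: a small Python audit that reads a pod spec (here a constructed one, in the JSON shape that `kubectl get pod -o json` returns) and flags environment variables that carry literal AWS credentials. The pod name, image names and environment variables are assumptions; the key values are AWS's documented placeholder keys, not real ones. The second container shows the safer pattern, a `valueFrom` reference to a Kubernetes Secret, which the audit deliberately does not flag.

```python
"""Audit a Kubernetes Pod spec for cloud credentials stored in plain text.

Added example, not RedLock's or Tesla's code.  The pod below is constructed
to look like the mistake described in the article: AWS keys placed directly
in container environment variables, where anyone who can read the pod (for
instance through an unauthenticated dashboard) can copy them.
"""
import json
import re

# Constructed sample pod, serialised as `kubectl get pod -o json` would return
# it.  The key values are AWS's documented placeholder keys, not real keys.
SAMPLE_POD_JSON = """
{
  "kind": "Pod",
  "metadata": {"name": "telemetry-worker", "namespace": "default"},
  "spec": {
    "containers": [
      {
        "name": "worker",
        "image": "example.invalid/telemetry-worker:1.0",
        "env": [
          {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
          {"name": "AWS_SECRET_ACCESS_KEY",
           "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
          {"name": "LOG_LEVEL", "value": "info"}
        ]
      },
      {
        "name": "sidecar",
        "image": "example.invalid/sidecar:1.0",
        "env": [
          {"name": "DB_PASSWORD",
           "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}
        ]
      }
    ]
  }
}
"""

# Shapes of credentials that should never appear as literal env values.
AWS_ACCESS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")   # long-lived / temporary key IDs
AWS_SECRET_KEY = re.compile(r"\b[A-Za-z0-9/+=]{40}\b")           # 40-char secret access key
SENSITIVE_NAMES = ("SECRET", "PASSWORD", "TOKEN", "ACCESS_KEY")   # catch-all on the variable name


def find_plaintext_credentials(pod):
    """Return (container, env name, reason) for every literal secret in the spec.

    Entries that use valueFrom (Secret or ConfigMap references) are skipped:
    their value is injected at runtime and is not visible in the spec itself.
    """
    findings = []
    for container in pod["spec"].get("containers", []):
        for env in container.get("env", []):
            value = env.get("value")
            if value is None:          # valueFrom reference, nothing literal here
                continue
            name = env["name"]
            if AWS_ACCESS_KEY_ID.search(value):
                findings.append((container["name"], name, "aws-access-key-id"))
            elif AWS_SECRET_KEY.search(value):
                findings.append((container["name"], name, "aws-secret-key"))
            elif any(marker in name.upper() for marker in SENSITIVE_NAMES):
                findings.append((container["name"], name, "sensitive-name"))
    return findings


def audit(pod_json):
    """Parse a pod JSON document and audit it."""
    return find_plaintext_credentials(json.loads(pod_json))


if __name__ == "__main__":
    for container, name, reason in audit(SAMPLE_POD_JSON):
        print(f"{container}: env {name} holds a literal credential ({reason})")
```

Even a Secret reference only moves the problem: anyone who can read Secrets in the namespace still obtains the key. The stronger fix is to give the pod an IAM role (instance profile or IAM roles for service accounts) instead of long-lived access keys, and to keep the Kubernetes console off the internet and behind authentication so the spec cannot be read by strangers in the first place.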
In short, the attackers used cryptojacking to mine cryptocurrency on Tesla's infrastructure; my previous post explains cryptojacking in more detail. They also hid the real IP address of the mining pool server behind CloudFlare, a content delivery network (CDN) with a free tier. Because anyone can register for free CDN service, the attackers could put a fresh CDN IP address in front of their pool whenever they needed one, which makes IP-address-based detection of crypto mining activity much harder: a blocklist of pool addresses ends up blocking CDN addresses shared with legitimate sites. The figure below shows the crypto mining script running in Tesla's Kubernetes pod.
RedLock's researchers immediately reported the incident to Tesla, and the issue was quickly fixed. Tesla sent a statement to media outlets saying: "We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."
How to prevent such compromises?
- Monitor configurations: Organizations should continuously check their cloud and Kubernetes configurations for risky settings, such as an administration console reachable from the internet without authentication, or cloud credentials stored in plain text inside a pod. Both mistakes were present in the Tesla incident.
- Monitor resource usage: If the CPU usage of a host or pod goes into overdrive and stays there, it may be due to cryptojacking. Closely monitor CPU usage against a known baseline for each workload.
- Monitor network traffic: Organizations should closely monitor outbound network traffic and compare it with their configuration data. A pod that was never configured to talk to the internet but is opening outbound connections deserves investigation. Since miners can hide their pools behind CDNs, do not rely on destination IP addresses alone.
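The CPU and network checks above, as an added example that is not part of the original post: a Python detector run over a few constructed egress proxy log lines and constructed per-minute CPU samples. Because the Tesla miner hid its pool behind a CDN, the network side keys on the mining protocol and on the hostname rather than on destination IP addresses. The log format, pod names, hostnames, ports and the hostname keyword list are assumptions for the example and should be tuned for a real environment.

```python
"""Flag cryptojacking from egress logs and CPU samples.

Added example; it is not the article author's code or RedLock's tooling.
The egress proxy lines and the per-minute CPU readings below are constructed.
Because the Tesla miner hid its pool behind a CDN, the egress matching keys on
protocol and hostname, not on destination IP addresses.
"""
import re

# Constructed egress proxy log: "<time> <pod> <proto>://<host>:<port>".
EGRESS_LOG = """\
2018-02-20T10:00:01Z telemetry-worker https://s3.amazonaws.com:443
2018-02-20T10:00:07Z telemetry-worker stratum+tcp://pool.example-mining.net:3333
2018-02-20T10:00:09Z build-runner https://api.github.com:443
2018-02-20T10:00:31Z telemetry-worker stratum+tcp://pool.example-mining.net:3333
2018-02-20T10:01:02Z build-runner https://xmr-proxy.example.net:8443
"""

# Constructed CPU samples (percent, one per minute) per pod.
CPU_SAMPLES = {
    "telemetry-worker": [12, 9, 11, 88, 91, 87, 93, 90, 89, 92],
    "build-runner": [40, 95, 97, 30, 25, 22, 20, 18, 96, 21],
}

LINE = re.compile(r"^(\S+) (\S+) ([\w+.-]+)://([^:/\s]+):(\d+)$")
# stratum+tcp / stratum+ssl is the protocol miners speak to their pool.
STRATUM = re.compile(r"^stratum\+", re.IGNORECASE)
# Hostname labels common to public pools and proxies (assumed list; tune it).
MINING_HOST = re.compile(
    r"(?:^|[.-])(?:mine|mining|pool|xmr|monero)(?:[.-]|$)", re.IGNORECASE
)


def flag_egress(log_text):
    """Return {pod: [(reason, host), ...]} for lines that look like mining traffic."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        _, pod, proto, host, _port = m.groups()
        if STRATUM.match(proto):
            reason = "stratum-protocol"
        elif MINING_HOST.search(host):
            reason = "mining-pool-hostname"
        else:
            continue
        findings.setdefault(pod, []).append((reason, host))
    return findings


def sustained_high_cpu(samples, threshold=80, window=5):
    """True when `window` consecutive samples are all at or above `threshold`.

    A short burst (build-runner) does not trigger; a miner pegging the CPU does.
    """
    run = 0
    for s in samples:
        run = run + 1 if s >= threshold else 0
        if run >= window:
            return True
    return False


def score(log_text, cpu_samples):
    """Combine both signals per pod: one alone is 'medium', both is 'high'."""
    egress = flag_egress(log_text)
    result = {}
    for pod in set(egress) | set(cpu_samples):
        net = bool(egress.get(pod))
        cpu = sustained_high_cpu(cpu_samples.get(pod, []))
        result[pod] = "high" if net and cpu else "medium" if net or cpu else "none"
    return result


if __name__ == "__main__":
    for pod, level in sorted(score(EGRESS_LOG, CPU_SAMPLES).items()):
        print(f"{pod}: {level}")
```

The two signals are scored independently on purpose: a miner can throttle itself to stay under a CPU threshold, and a pod can be busy for legitimate reasons, so neither signal should be required for the other to count. The network side also works when the pool sits behind a CDN, because the stratum protocol and the hostname are visible regardless of which IP address the CDN hands out.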