Tesla cloud systems exploited by hackers to mine cryptocurrency

02-20 22:00

Tesla's cloud environment has been exploited by threat actors to mine cryptocurrencies, researchers have discovered.

On Tuesday, cloud security firm RedLock released its 2018 Cloud Security Trends report, which documents the discovery of an unprotected Kubernetes console belonging to automaker Tesla.

The Kubernetes console is used to automate the deployment, scaling, and operation of application containers, virtualized software, and some cloud-based services.

Google's open-source Kubernetes system is used securely by countless enterprise players worldwide, but in this case, an unsecured console exposed access credentials to Tesla's Amazon Web Services (AWS) environment.

Researchers from the RedLock Cloud Security Intelligence (CSI) team discovered that cryptocurrency mining scripts, used for cryptojacking -- the unauthorized use of computing power to mine cryptocurrency -- were operating on Tesla's unsecured Kubernetes instances, which allowed the attackers to steal the Tesla AWS compute resources to line their own pockets.

Tesla's AWS system also contained sensitive data, including vehicle telemetry, which was exposed through the theft of the unsecured credentials.

"In Tesla's case, the cyber thieves gained access to Tesla's Kubernetes administrative console, which exposed access credentials to Tesla's AWS environment," RedLock says. "Those credentials provided unfettered access to non-public Tesla information stored in Amazon Simple Storage Service (S3) buckets."

The unknown hackers also employed a number of techniques to avoid detection. Rather than using typical public mining pools in their scheme, for example, the threat actors instead installed mining pool software and instructed the mining script to connect to an unlisted endpoint.

According to the researchers, this technique makes it more difficult for domain and IP-based threat detection systems to detect such activity.

In addition, the cyberattackers hid the true IP address of the mining pool to keep CPU usage low and prevent a level of suspicious traffic which would likely have been quickly detected.
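The unlisted endpoint described above defeats a destination blocklist, but a miner still has to speak a pool protocol. The following is an added example, not code from RedLock's report or from ZDNet. It assumes cleartext, Stratum-style JSON-RPC miner traffic, and the flow records, blocklist entry and function names are constructed for illustration.

```python
import json

# Method names from the Stratum JSON-RPC dialects miners speak to a pool:
# Bitcoin-family "mining.*" calls and Monero-style login/getjob/submit.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                   "login", "getjob", "submit"}
# Parameter keys that accompany those methods in miner messages.
MINER_PARAM_KEYS = {"login", "pass", "agent", "job_id", "nonce"}
# Constructed stand-in for a threat-intel list of public pool addresses.
KNOWN_POOL_HOSTS = {"pool.public-mining.example"}

# Constructed flow records: destination plus the first client payload bytes.
SAMPLE_FLOWS = [
    {"dst": "203.0.113.50", "payload": b'{"id":1,"jsonrpc":"2.0","method":"login",'
        b'"params":{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"miner/0.0"}}\n'},
    {"dst": "198.51.100.7", "payload": b"GET /healthz HTTP/1.1\r\nHost: api.test\r\n\r\n"},
    {"dst": "192.0.2.10", "payload": b'{"jsonrpc":"2.0","method":"login","params":["alice"],"id":7}\n'},
]


def stratum_score(payload: bytes) -> int:
    """0 = no match, 1 = ambiguous method name only, 2 = miner-shaped message."""
    score = 0
    for line in payload.splitlines():  # Stratum is newline-delimited JSON
        try:
            msg = json.loads(line)
        except ValueError:  # not JSON (or not UTF-8): ignore this line
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if not isinstance(method, str) or method not in STRATUM_METHODS:
            continue
        params = msg.get("params")
        miner_keys = isinstance(params, dict) and bool(MINER_PARAM_KEYS & params.keys())
        score = max(score, 2 if miner_keys or method.startswith("mining.") else 1)
    return score


def triage(flows):
    """Return (dst, on_blocklist, stratum_score) per flow."""
    return [(f["dst"], f["dst"] in KNOWN_POOL_HOSTS, stratum_score(f["payload"]))
            for f in flows]


if __name__ == "__main__":
    for dst, listed, score in triage(SAMPLE_FLOWS):
        print(f"{dst:15} blocklist={listed!s:5} stratum_score={score}")
```

The first flow goes to an address on no list yet scores 2 on content alone, while the generic `login` call in the third flow scores only 1 and needs corroboration. A miner that wraps its pool connection in TLS is invisible to this check.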

The RedLock team made Tesla immediately aware of the discovery and the security issues surrounding the Kubernetes console have now been addressed.

Within the report, RedLock also said that the "cryptocurrency effect" is in full sway. Threat actors have begun using scripts, ransomware, and other tactics to mine or steal valuable cryptocurrency assets.

While roughly eight percent of organizations are now believed to suffer from this type of attack, the majority has gone unnoticed due to ineffective network monitoring.

In addition, the company says that poor user and API access rules have led to close to three-quarters of businesses allowing root user accounts to be used to perform general activities, and with the General Data Protection Regulation (GDPR) going into effect in a matter of months, "organizations are far from where they need to be to effectively govern the cloud and ensure compliance."


"The message from this research is loud and clear -- the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities," said Gaurav Kumar, CTO of RedLock. "Security is a shared responsibility: Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough."

ZDNet has reached out to Tesla for additional information and will update if we hear back.
