Cybersecurity firm RedLock has revealed that electric car maker Tesla has been unwittingly mining cryptocurrency for hackers. So called “cryptojacking” has become an increasing threat and recent high profile attacks have seen user browsers hijacked for Monero-mining. Earlier this month a slew of government sites worldwide were compromised by a vulnerability in the Browseaware plug-in.
However, now hackers have a new target: companies’ cloud storage accounts.
Cloud storage has become popular as a way for companies to house data, such as for websites, as rather than maintain their own server rooms they can get someone else to manage their servers for them. The most popular of these is Amazon Web Services (AWS). Cloud storage may be cheap and convenient but it raises its own security concerns.
Cybersecurity firm RedLock identified multiple cases of unsecured AWS credentials left on the public internet. Tracing the credentials led them to the owner, Tesla. Unfortunately by the time RedLock noticed them, hackers had too.
The attack reveals the increasing sophistication of cryptojacking. Hackers had hidden the malware behind an IP address from security company Cloudfare. They also managed to disguise the amount of CPU resources taken by the unauthorised cryptocurrency mining, and so avoid being too conspicuous.
At this point the type of cryptocurrency, and the amount mined, is unknown.
Tesla pays a bounty to anyone who reports a security issue to the company. RedLock received $3,133.70 for the report. A spokesperson for Tesla said that the issue had been resolved “within hours of learning about it”.
Varun Badhwar of RedLock suggests that this kind of attack will only become more popular. “Given the immaturity of cloud security programs today, we anticipate this type of cybercrime to increase in scale and velocity,” he said.
Image From Shutterstock