Crooks hacked Tesla’s cloud resources to run Stratum cryptocurrency-mining malware
Hackers broke into Tesla’s cloud environment and stole resources to mine cryptocurrency, cybersecurity firm RedLock confirmed on Tuesday. The hackers exploited an unsecured Kubernetes administrative console that lacked password protection. They ran scripts on it and enabled Stratum malware, letting them mine digital coins on Tesla’s dime while hiding behind an IP address hosted by security firm Cloudflare.
Within one Kubernetes pod, access credentials to Tesla's AWS environment were exposed. That environment contained an Amazon S3 (Amazon Simple Storage Service) bucket holding sensitive data such as telemetry.
RedLock’s Cloud Security Intelligence (CSI) team first noticed the supposed intrusion last month while trying to determine which organization had left credentials for an Amazon Web Services (AWS) account readable to the public. A close investigation revealed that the AWS account’s owner is Tesla. Soon after that, CSI uncovered the hack of Tesla’s account and reported the vulnerability.
Criminals hide behind a Cloudflare IP address
Security experts point out that the hackers managed to evade immediate detection by concealing their footprints behind an IP address hosted by well-known security firm Cloudflare. The cryptocurrency mining software was also configured in a non-standard way: it used a non-standard port for establishing an Internet connection and connected to semi-public mining pools. The CPU consumption typical of cryptomining software was reduced intentionally to evade easy detection and shutdown.
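An added example, not part of the original article or of RedLock's tooling: because the miner used a non-standard port, a port-based rule would not flag it, but Stratum is a newline-delimited JSON-RPC protocol with recognizable method names, so outbound payloads can be matched on content instead. The function names stratum_method and find_miner_flows, the flow tuple layout and all sample flows are assumptions constructed for illustration.

```python
import json

# Bitcoin-style methods; Monero-style "login"/"submit" also need the keys below.
MINING_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                  "mining.notify", "mining.set_difficulty"}
XMR_PARAM_KEYS = {"login": {"login", "pass"}, "submit": {"job_id", "nonce"}}


def stratum_method(line):
    """Return the Stratum method named in one JSON-RPC line, else None."""
    try:
        msg = json.loads(line)
    except ValueError:  # not JSON (also covers undecodable bytes)
        return None
    if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
        return None
    method, params = msg["method"], msg.get("params")
    if method in MINING_METHODS:
        return method
    needed = XMR_PARAM_KEYS.get(method)
    if needed and isinstance(params, dict) and needed.issubset(params):
        return method
    return None


def find_miner_flows(flows):
    """flows: (src, dst, dst_port, payload bytes); the port is never consulted."""
    hits = []
    for src, dst, port, payload in flows:
        found = [m for m in map(stratum_method, payload.split(b"\n")) if m]
        if found:
            hits.append((src, dst, port, found))
    return hits


# Constructed sample flows (documentation-range addresses, not incident data).
SAMPLE_FLOWS = [
    ("10.0.3.17", "203.0.113.10", 8443,
     b'{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n'
     b'{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n'),
    ("10.0.3.22", "198.51.100.7", 443,
     b'{"id":1,"jsonrpc":"2.0","method":"login",'
     b'"params":{"login":"wallet","pass":"x","agent":"miner"}}\n'),
    ("10.0.4.5", "192.0.2.44", 8545,
     b'{"jsonrpc":"2.0","id":7,"method":"eth_blockNumber","params":[]}\n'),
]

if __name__ == "__main__":
    print(find_miner_flows(SAMPLE_FLOWS))
```

Content matching only works where the payload is visible in cleartext; pool connections wrapped in TLS need other signals, such as destination reputation or long-lived steady-rate egress from a pod.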
The scheme the cryptocurrency miners used potentially exposed an Amazon S3 bucket holding Tesla telemetry, mapping, and vehicle servicing data. Badhwar, Tesla’s spokesperson, said that personally identifiable information had not been disclosed. He adds:
The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.
Tesla fixed the vulnerability quickly and awarded a 3 000 USD reward to RedLock’s researchers.
The pursuit of digital currencies leverages
Cryptocurrency mining is an old approach to obtaining Bitcoin, Monero or other cryptocurrency coins. Although the mining process itself is not illegal, hackers exploit system vulnerabilities, inject mining software and stealthily misuse CPU and GPU power to mine cryptocurrency.
Earlier, this money extortion method was not that popular, so hackers were able to connect thousands of PCs into a mining pool and collect a considerable amount of virtual coins. Technology improvements nowadays pose many difficulties for hackers, pushing them to be more creative.
Based on the strategies currently in use, Amazon Web Services (AWS) is expected to be one of the most significant targets for hackers in 2018. Cybersecurity experts warn that AWS S3 buckets are in extreme danger of being exploited for malware distribution. Publicly readable and publicly writable S3 servers might be hijacked and further used for ransomware attacks or cryptocurrency mining.