Crypto Miners Hijack Tesla AWS Servers


In proof that no one is immune to crypto mining attacks, Tesla's AWS servers were found to have been hijacked to run crypto mining scripts that mined cryptocurrency right in the cloud.

Hackers gained access to this unsecured cloud environment, which the automaker had left vulnerable through misconfiguration. They were also able to catch a glimpse of the sensitive data stored there.

The car maker is headed by Elon Musk, and the company is also involved in the energy business.

Security researchers at RedLock discovered the breach while searching for the organization behind an Amazon Web Services account that had been left open to the public. This led them to an unsecured Kubernetes container console, which they found had given hackers access.

They documented the situation in their February 2018 Cloud Security Trends report, saying:

“Essentially, hackers were running crypto mining scripts on Tesla’s unsecured Kubernetes instances. To conceal their identity, the scripts were connecting to servers that reside behind CloudFlare, a content delivery network.”

The AWS system also contained valuable information like vehicle telemetry.

Apparently, Tesla was unable to notice the nefarious network activity because of the techniques the threat actors used to conceal it. By hiding the true IP address of the mining pool, they made it difficult for domain- and IP-based detection systems to spot what they were doing.

CPU usage was also kept low, so as to avoid generating a suspicious level of traffic.

Ingenious, really.
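
Both techniques defeat blocklists and CPU-spike alerts, so detection has to rest on behaviour instead. The following added example (not from RedLock's report or from Tesla; the thresholds, field names and hostnames are assumptions, and the telemetry is constructed) flags workloads whose CPU is flat and above their own baseline while they hold a long-lived connection to a destination outside an egress allowlist:

```python
from statistics import mean, pstdev

# Assumed policy values for this example; tune per environment.
EXPECTED_EGRESS = {"db.internal.example", "api.internal.example"}  # allowlist
MIN_CONN_SECONDS = 3600   # what counts as a long-lived outbound session
BASELINE_RATIO = 1.5      # CPU must exceed 1.5x the workload's own baseline
MAX_VARIATION = 0.10      # coefficient of variation of a flat, throttled load

def steady_elevated_cpu(samples, baseline):
    """True when CPU is flat and above the workload's own baseline,
    even if far below any absolute 'high CPU' alert threshold."""
    avg = mean(samples)
    if avg == 0:
        return False
    flat = pstdev(samples) / avg <= MAX_VARIATION
    return flat and avg >= baseline * BASELINE_RATIO

def unexpected_long_egress(conns):
    """Destinations outside the allowlist that were held open for a long time."""
    return sorted({c["dest"] for c in conns
                   if c["dest"] not in EXPECTED_EGRESS
                   and c["seconds"] >= MIN_CONN_SECONDS})

def triage(workloads):
    """Map workload name -> unexpected destinations, when both signals agree."""
    findings = {}
    for w in workloads:
        dests = unexpected_long_egress(w["conns"])
        if dests and steady_elevated_cpu(w["cpu"], w["baseline"]):
            findings[w["name"]] = dests
    return findings

# Constructed telemetry: CPU as percent of one core, one sample per minute.
SAMPLE = [
    {"name": "web-frontend", "baseline": 12.0,
     "cpu": [5, 30, 8, 41, 12, 3, 25, 9],
     "conns": [{"dest": "api.internal.example", "seconds": 7200}]},
    {"name": "batch-worker", "baseline": 10.0,
     "cpu": [20, 21, 20, 19, 20, 21, 20, 20],
     "conns": [{"dest": "cdn-fronted.example.net", "seconds": 86400},
               {"dest": "db.internal.example", "seconds": 90000}]},
    {"name": "cron-job", "baseline": 10.0,
     "cpu": [20, 20, 21, 20, 19, 20, 20, 21],
     "conns": [{"dest": "db.internal.example", "seconds": 4000}]},
]

if __name__ == "__main__":
    for name, dests in triage(SAMPLE).items():
        print(f"{name}: steady elevated CPU, long-lived egress to {dests}")
```

Only `batch-worker` is reported: it sits at roughly 20% CPU, which an absolute threshold would ignore, and its unexpected destination is caught because it is absent from the allowlist rather than present on a blocklist.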

Despite the inevitability of the attack, researchers are of the view that both Amazon and Tesla share responsibility here, arguing that the cloud giant could do more to prevent these attacks.

Which are becoming rather frequent now.

Anyway, while the fault in these scenarios is never black and white, it ultimately comes down to customers first and foremost. It is up to them to follow security best practices and run routine checks to make sure their cloud environments and workloads are safe and secure.

You can download the report here.