After Starbucks’s coffee shop became a victim of cryptojacking, that is, cryptocurrency mining without the consent of users, Tesla, one of the biggest technology and car companies in the world, has now also been hit by cryptojacking. Usually, hackers mine for Monero and Bitcoin. What is more, when cryptojacking occurs, the computing power consumed significantly reduces the performance of the affected device and can result in irreversible damage.
RedLock, the cybersecurity software company, just announced that hackers managed to enter Tesla’s Kubernetes console, which allowed them to get access to Tesla’s Amazon Web Services environment. The console was not protected by any password. Once the hackers entered the AWS environment, they extracted confidential information and installed the harmful crypto-mining software.
More importantly, these hackers not only used Tesla’s internal, confidential data, but also its enormous computing power and energy to mine cryptocurrencies. The attack against Tesla is of serious importance and scale, since, as the press noted, whoever accessed Tesla’s environment must have prepared exceptionally well to be successful in the endeavor. Ethereum World News reported the words of Tesla’s team:
“Unlike other crypto mining incidents, the hackers did not use a well known public ‘mining pool’ in this attack. Instead, they installed mining pool software and configured the malicious script to connect to an ‘unlisted’ or semi-public endpoint. This makes it difficult for standard IP/domain based threat intelligence feeds to detect the malicious activity.”
RedLock also noted that the hackers may have configured the mining software to keep CPU usage as low as possible, so that no abnormal activity would be detected. Usually, when computers or other devices are hijacked to mine cryptocurrency, CPU usage goes up, and that is the most obvious sign of cryptojacking.
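As an added example (not code from RedLock, Tesla or the original article): when the pool endpoint is unlisted and CPU usage is throttled, a defender can inspect what the traffic says instead of where it goes. The sketch below assumes the miner speaks cleartext Stratum JSON-RPC, which the article does not state; the function names, sample flows, addresses and blocklist are all constructed for illustration.

```python
import json

# Method names from the Stratum mining protocol (Bitcoin-style and
# Monero-style dialects). Assumption: the article names no protocol.
STRATUM_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "login", "getjob", "submit", "keepalived",
}

def stratum_methods(payload: bytes) -> set:
    """Return Stratum method names seen in a newline-delimited JSON payload."""
    found = set()
    for line in payload.splitlines():
        try:
            msg = json.loads(line)
        except ValueError:
            continue  # not JSON (HTTP, binary, empty line): ignore
        if not isinstance(msg, dict) or "params" not in msg:
            continue  # JSON-RPC requests always carry method + params
        method = msg.get("method")
        if isinstance(method, str) and method in STRATUM_METHODS:
            found.add(method)
    return found

def triage(flows, blocklist):
    """Compare the feed verdict (destination) with the content verdict."""
    return [
        {
            "dst": f["dst"],
            "feed_hit": f["dst"] in blocklist,
            "stratum": sorted(stratum_methods(f["payload"])),
        }
        for f in flows
    ]

# Constructed sample data: documentation IP ranges, made-up payloads.
BLOCKLIST = {"198.51.100.7"}  # stands in for a feed of public mining pools
FLOWS = [
    {"dst": "198.51.100.7",   # listed public pool
     "payload": b'{"id":1,"method":"mining.subscribe","params":[]}\n'},
    {"dst": "203.0.113.50",   # unlisted endpoint, Monero-style login
     "payload": b'{"id":1,"jsonrpc":"2.0","method":"login",'
                b'"params":{"login":"WALLET_PLACEHOLDER","pass":"x"}}\n'},
    {"dst": "203.0.113.80",   # ordinary HTTP health check
     "payload": b"GET /healthz HTTP/1.1\r\nHost: example.internal\r\n\r\n"},
]

if __name__ == "__main__":
    for row in triage(FLOWS, BLOCKLIST):
        print(row)
```

The second flow is missed by the destination feed but flagged by content. Content matching only works on unencrypted sessions, so TLS-wrapped mining traffic needs other signals such as connection duration and egress policy.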
Interestingly enough, it was RedLock that reported the issue to Tesla’s security team. The tech company gave a small financial award to RedLock, as part of their initiative to encourage such research and help. The mining has reportedly stopped, and Tesla is now trying to identify the attacker.
Malicious attacks involving cryptocurrency mining are not unusual these days. Each company must ensure it has secured its data in the most efficient way to keep out hackers and prevent unauthorized CPU usage. Hackers are getting more and more sophisticated in installing malware and viruses once the cryptocurrency mining begins. While CPU usage is the major sign of abnormal activity, hackers now, as in the case of Tesla, have found intelligent ways to avoid the alert that signals their actions.