Hackers have infiltrated a public cloud environment owned by Tesla Inc and have cryptojacked it to mine cryptocurrency, a Cloud Security Intelligence (CSI) team at cybersecurity startup RedLock said on Tuesday.
"Hackers not only gained unauthorized access to non-public Tesla data, but were also stealing compute resources within Tesla's Amazon Web Services (AWS) environment for cryptojacking", RedLock said today, noting that "the researchers immediately informed Tesla of its findings, and the vulnerabilities have already been addressed."
In Tesla's case, apart from the data exposure, the RedLock research team noted some sophisticated ways the hackers had used to evade detection, including hiding the true IP address of the mining pool, installing mining pool software, and likely keeping computer CPU usage deliberately low to evade detection.
"The RedLock CSI team immediately reported the incident to Tesla and the issue was quickly rectified," RedLock said in a blog post today.
According to RedLock, Tesla was the latest victim of the current "cryptojacking epidemic", in which hackers use vulnerabilities at computers of unsuspecting victims to mine cryptocurrencies such as bitcoin. Previous cryptojacking attacks have been detected by RedLock at UK's insurance company Aviva and at Dutch digital security company and the world's largest manufacturer of SIM cards, Gemalto. Cloud services environments at those two companies were also exposed and upon further investigation, RedLock's team found that hackers had broken into the public cloud environments and were using the compute resources to mine cryptocurrencies.
Alongside the cryptojacking at Tesla, RedLock also announced today its new report, Cloud Security Trends, which says that 16 percent of organizations have user accounts that have potentially been compromised, 83 percent of vulnerable hosts in the cloud are receiving suspicious traffic, and 66 percent of databases are not encrypted. In addition, the research has shown that 8 percent of organizations suffer from cryptojacking, which mostly goes unnoticed because of ineffective network monitoring, according to RedLock.
By Tsvetana Paraskova for Oilprice.com
More Top Reads From Oilprice.com:
Tsvetana is a writer for Oilprice.com with over a decade of experience writing for news outlets such as iNVEZZ and SeeNews. More