According to security research firm RedLock’s Cloud Security Intelligence (CSI) team, electric car manufacturer Tesla’s cloud account was hacked and used to mine cryptocurrency. The report, released Monday, comes as crypto-related cybercrime is on the rise and users and exchanges are struggling to keep up with hackers and the constantly evolving methods they employ to steal money and information.
RedLock’s researchers say they found Tesla’s unprotected information on a console for Kubernetes, a Google-designed system for optimizing cloud applications. It is this exposure that allowed hackers to access the company’s cloud. The breach was discovered last month when the CSI team was trying to determine who or what had left credentials for an Amazon Web Services account open to the public.
This isn’t the first such instance the researchers have uncovered: first there was Aviva, a British multinational insurance company, and then Gemalto, the world’s largest manufacturer of SIM cards. RedLock reports that, before it discovered Tesla’s security issue, hackers had secretly infiltrated these organizations’ public cloud environments to mine cryptocurrencies as well.
RedLock immediately reported the incident to Tesla, and the company quickly attempted to fix things. A Tesla spokesperson confirmed that no customer data was compromised by the breach: “We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” the spokesperson said. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
According to the report, once the hackers gained access to Tesla’s cloud servers they began running a mining protocol called Stratum to mine for cryptocurrencies, evading detection by obscuring the true IP address of the mining server and keeping the CPU usage low.
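Because the report says the miners hid the pool's real IP address and kept CPU usage low, address blocklists and CPU alarms are weak signals; matching on the Stratum messages themselves is one alternative. The sketch below is an added example, not code from RedLock or Tesla. It assumes cleartext TCP payloads are available from a capture, and the flow tuples, addresses and payloads are constructed for illustration.

```python
import json

# Method names used by the Stratum JSON-RPC mining protocol.
STRATUM_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "mining.notify", "mining.set_difficulty",
}

def stratum_methods(payload: bytes) -> list:
    """Return Stratum method names seen in one TCP payload.

    Stratum messages are newline-delimited JSON objects, so each line
    is parsed on its own and anything that is not JSON is skipped.
    """
    found = []
    for line in payload.split(b"\n"):
        line = line.strip()
        if not line.startswith(b"{"):
            continue
        try:
            msg = json.loads(line)
        except ValueError:  # covers bad JSON and bad UTF-8
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in STRATUM_METHODS:
            found.append(method)
    return found

def flag_flows(flows):
    """Map (src, dst, dport) -> Stratum methods, ignoring IP and port."""
    hits = {}
    for src, dst, dport, payload in flows:
        methods = stratum_methods(payload)
        if methods:
            hits.setdefault((src, dst, dport), []).extend(methods)
    return hits

# Constructed sample flows (documentation address ranges, made-up payloads).
SAMPLE_FLOWS = [
    ("10.0.0.12", "198.51.100.7", 443,   # miner talking to a proxy
     b'{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n'
     b'{"id":2,"method":"mining.authorize","params":["wallet.worker","x"]}\n'),
    ("10.0.0.15", "192.0.2.10", 80, b"GET /healthz HTTP/1.1\r\nHost: a\r\n\r\n"),
    ("10.0.0.16", "192.0.2.20", 8545,    # unrelated JSON-RPC traffic
     b'{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]}\n'),
]

if __name__ == "__main__":
    for flow, methods in flag_flows(SAMPLE_FLOWS).items():
        print(flow, methods)
```

Stratum carried inside TLS is not visible to this check, so it complements egress allow-listing and workload monitoring and does not replace them.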
What’s particularly interesting is that, according to RedLock, using Tesla’s cloud account to mine cryptocurrency is more valuable than any data actually stored within it:
“The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organizations’ compute power rather than their data,” RedLock CTO Gaurav Kumar told tech website Gizmodo.
Cryptojacking efforts like the one that hit Tesla are growing increasingly common. RedLock estimates that 58% of organizations that use public cloud services (such as Amazon Web Services, Microsoft Azure, or Google Cloud) have publicly exposed “at least one cloud storage service.” Of these, 8% have experienced some sort of cyberattack.