Hackers broke into Tesla’s public cloud environment, gaining access to non-public Tesla data and stealing compute resources within the company’s Amazon Web Services (AWS) environment for cryptojacking, according to a new report from security firm RedLock.
RedLock researchers immediately informed Tesla of the hack, and the vulnerabilities have been addressed, the report noted. The cybercriminals gained access to Tesla’s Kubernetes administrative console, which exposed access credentials to Tesla’s AWS environment and provided access to non-public Tesla data stored in Amazon Simple Storage Service (S3) buckets.
Organizations that continue to employ poor user and API access hygiene, as well as ineffective visibility and user activity monitoring, are more vulnerable to breaches, according to the report. Some 73% of organizations allow the root user account to be used to perform activities, which goes against security best practices. And 16% of organizations have user accounts that have potentially been compromised, the report stated.
The hackers also performed cryptojacking using Tesla’s cloud compute resources, and used techniques such as mining pool software to hide their activity. Some 8% of organizations have been impacted by cryptocurrency mining, the report found, though it often goes unnoticed. Cryptocurrency mining has lead to a strong demand for GPUs, making them harder to obtain for scientific research and gaming hardware.
“The message from this research is loud and clear—the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities,” Gaurav Kumar, CTO of RedLock, said in a press release. “In our analysis, cloud service providers such as Amazon, Microsoft and Google are trying to do their part, and none of the major breaches in 2017 was caused by their negligence. However, security is a shared responsibility: Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough.”