
Secplicity - Security Simplified

Powered by WatchGuard Technologies

When Big Tech Leave Open Access

February 23, 2018 By Trevor Collins


Tesla is known not just as a car company but as a technology company, as is evident from their heavy presence in Amazon AWS. Hackers recently took advantage of this reliance on tech by gaining access to and using Tesla’s AWS account to run their own cryptocurrency mining operation.

According to a recent report from RedLock, hackers gained access to a Tesla management console, which lacked password protection, and retrieved AWS API keys that were stored in plain text. Using these API keys, the hackers were able to view sensitive engineering telemetry data, and obtain control over allocating computing resources.

With their access to Tesla’s virtual computing power, the hackers started a covert cryptocurrency mining operation using Tesla’s Kubernetes environment. RedLock did not state what cryptocurrency the attackers chose to mine.

The attackers used techniques to hide their operation, indicating that they knew what they were doing and had likely done it before. For instance:

  • They didn’t use public mining pools. This would prevent network monitoring tools from detecting suspect connections to known mining pool servers.
  • They used custom mining software on nonstandard ports so that no firewall could identify the malicious connections by port number.
  • The attackers hid their pool address behind CloudFlare, a content delivery network used for many legitimate and some illegitimate purposes.
  • The hackers configured their mining software to reduce CPU usage so that the load on the server wouldn’t be noticeable.

From the report, this looks to be a new variation of hackers hijacking your computer and using it to mine for cryptocurrency, though on a much more sophisticated level. It just goes to show that even well-known technology companies can fall victim to these types of attacks.

Luckily for Tesla, nothing outside of the telemetry data was compromised and the attackers spared them from more damaging threats like ransomware. After an investigation, Tesla found that customer privacy was not compromised in this attack. As far as we know, this could have easily gone much worse for the company.

Tesla could have avoided this attack by safeguarding their API keys with password protection on their management console and by preventing external access to their internal servers. For example, if you need to access an internal server from the internet, you should use a VPN to keep access restricted and secure. In today’s environment, exposing sensitive resources to the internet, even with password protection, is no longer an option. –Trevor Collins
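As an added example (not from the original article or from RedLock's report), here is one way a defender could audit Kubernetes pod manifests for AWS API keys stored in plain text, so that anyone who reaches a console sees a reference instead of the key itself. It assumes the keys would sit in container environment variables, which the article does not state; the manifest, container names and `audit_pod` helper are constructed for illustration, and the key values are AWS's published documentation placeholders.

```python
import re

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Variable names that usually carry credentials.
SENSITIVE_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|ACCESS_KEY", re.I)


def audit_pod(pod):
    """Return (container, env var, reason) for every credential inlined in a pod spec."""
    findings = []
    for container in pod.get("spec", {}).get("containers", []):
        for env in container.get("env", []):
            value = env.get("value")
            if not value:
                # valueFrom/secretKeyRef entries carry no literal value in the spec.
                continue
            if ACCESS_KEY_ID.search(value):
                reason = "AWS access key ID in plain text"
            elif SENSITIVE_NAME.search(env["name"]):
                reason = "secret-like name with literal value"
            else:
                continue
            findings.append((container["name"], env["name"], reason))
    return findings


# Constructed sample manifest: one container inlines keys, the other references a Secret.
SAMPLE_POD = {
    "metadata": {"name": "telemetry"},
    "spec": {"containers": [
        {"name": "telemetry-api", "env": [
            {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
            {"name": "AWS_SECRET_ACCESS_KEY",
             "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
            {"name": "LOG_LEVEL", "value": "info"},
        ]},
        {"name": "worker", "env": [
            {"name": "AWS_SECRET_ACCESS_KEY", "valueFrom": {
                "secretKeyRef": {"name": "aws-creds", "key": "secret"}}},
        ]},
    ]},
}

if __name__ == "__main__":
    for container, name, reason in audit_pod(SAMPLE_POD):
        print(f"{container}: {name}: {reason}")
```

Moving a value into a Secret reference only removes it from the pod spec; the console still needs authentication and must not be reachable from the internet, as described above.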

Filed Under: Editorial Articles Tagged With: Hacking, Infosec news, Security breach
