RedLock, a cybersecurity firm, says 58 percent of businesses expose their cloud services to the public. Eight percent of these are victims of a cryptojacking attack. In which Tesla’ Amazon cloud account was hijacked.
Tesla, the company which is pioneering electric cars, was targeted in the cryptojacking attack. Hackers hijacked an administrative console of Tesla’s Amazon cloud account. They then installed crypto-mining scripts or software to mine cryptocurrency.
Tesla has since addressed the problem, according to one of their spokesman.
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it.”
Additionally, he said the problem did not lead to a compromise of client privacy or vehicle safety or security. It was, instead, limited to internally used engineering test cars only.
Most of the cryptojacking efforts are mining Monero cryptocurrency. However, it is not clear what cryptocurrency these hackers were mining or the number of coins mined.
The hackers accessed “simple storage service” (S3) containing telemetry, mapping, and vehicle servicing data. This is according to RedLock, a cybersecurity firm that found out the problem.
The firm received $3,133.70 by Tesla as reward acquired from bounty program through which Tesla rewards hackers for finding flaws in their system. The amount is a reference to 1337, an old hacker slang for the elite.
The hackers tried to hide their intentions by lowering CPU usage of the Stratum software they used to mine. They also protected their IP behind CloudFlare according to RedLock.
More businesses on cloud face cryptojacking
Meanwhile, RedLock says about 58% of companies expose their cloud services (at least one device) to the public. Eight percent of these have fallen to cryptojacking.
Tesla is not the only victim of cryptojacking in the recent past. Read about some more here. An example is government websites in Australia as well as an exploit on ads through YouTube.