Yet another company has fallen prey to some cryptocurrency malware attack. The electric vehicle manufacturer, Tesla is the latest victim of the malicious actions of so-called hackers.
But then again, if they can go for government sites, then a car company is nothing, right?
Electric vehicle maker Tesla Motors has reportedly fallen victim to a crypto-currency mining malware attack. Just last week, we read about individuals falling victim to heartless hackers who are now getting more and more daring.
RedLock, the cybersecurity software firm discovered that the hackers came in through a crack found in the Kuberetes console. This was utilized to steal computer processing power from the company’s cloud environment to be used to generate digital currencies.
But this didn’t just happen out of nowhere; Tesla was alerted to the potential threat over 6 months prior to this happening so they are solely to blame.
The company is now trying to handle the matter by putting out this statement:
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it”. The statement went on to say that “the impact seems to be limited to internally used engineering test cars only and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
Different from other crypto-mining attacks, the hackers that went after Tesla did not use a public mining pool. But rather, they put in a mining pool software and hid it at the back of CloudFlare, which permitted them to obscure the IP address of their mining pool server. This made it nearly impossible for anyone to find it. They went a step further to ensure that they would not be caught by keeping the CPU usage at a minimum during their attack.
RedLock CTO, Gaurav Kumar is of the thought that public cloud environments are especially vulnerable and open to mining hacks, which has been on the rise in addition to the increase in virtual currencies’ price.
He said: “Organizations’ public cloud environments are ideal targets due to the lack of effective cloud threat defence programs. In the past few months alone, we have uncovered a number of cryptojacking incidents including the one affecting Tesla.”
I wonder how Elon Musk will begin to deal with such a problem knowing that he spoke on a similar topic last year about the car being more vulnerable as it gets more connected to the cyber-world.