With the boom in the digital economy, cyber crime has surged. Hackers have even progressed from pulling off scams and stealing money from user wallets, and are now targeting the giant cloud computing rigs of large industries.
Discover credible partners and premium clients at China’s leading finance event!
A report published on Tuesday by the ‘Cloud Security Intelligence’ team of security firm RedLock revealed that hackers were infiltrating the public cloud computing environment of Tesla, the world’s leading electric car manufacturer, in order to mine cryptocurrency.
Hackers accessed Tesla’s AWS cloud environment using a non-password protected Kubernetes software container. This Kubernetes container was later used to mine cryptocurrency. However, it is not yet known for how long the cryptojacking continued.
Moreover, the hackers were very cautious and refrained from using any already-known mining pools. To complicate the detection process, they put up their own mining software and connected the malicious script to an ‘unlisted’ endpoint. They even kept the CPU usage to a minimum to prevent being spotted.
According to the published report, Redlock had informed the car manufacturer and their security teams have already addressed the vulnerability.
Replying to an email from VentureBeat, a spokesperson from Tesla wrote: “We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
This is not a lone incident. In October last year, the same team from Redlock exposed a similar incident in two companies – Aviva and Gemalta.
Redlock’s CTO and head of the CSI team, Gaurav Kumar, said in a statement: “The message from this research is loud and clear — the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities.”
“In our analysis, cloud service providers such as Amazon, Microsoft and Google are trying to do their part, and none of the major breaches in 2017 was caused by their negligence. However, security is a shared responsibility: Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough,” he added.
TheBitcoinNews.com – Bitcoin News source since June 2011 –
Virtual currency is not legal tender, is not backed by the government, and accounts and value balances are not subject to consumer protections. TheBitcoinNews.com holds several Cryptocurrencies, and this information does NOT constitute investment advice or an offer to invest.
Everything on this website can be seen as Advertisment and most comes from Press Releases, TheBitcoinNews.com is is not responsible for any of the content of or from external sites and feeds. Sponsored posts are always flagged as this, guest posts, guest articles and PRs are most time but NOT always flagged as this. Expert opinions and Price predictions are not supported by us and comes up from 3th part websites.
Advertise with us : Advertise
Our Social Networks: Facebook Instagram Pinterest Reddit Telegram Twitter Youtube