Marking a new phase in online hackers’ continuing bids to re-allocate resources over the internet to rapidly mine cryptocurrencies, Tesla Motors has revealed that – thanks to RedLock’s Cloud Security Intelligence team – its cloud environment has been compromised.
RedLock revealed that Tesla Motors has apparently been leveraging hundreds of open-source systems, which have been accessible online without any form of password protection.
Accordingly, hackers were able to access portions of the motor company’s Amazon cloud suite, and successfully re-allocated resources to mine various cryptocurrencies.
RedLock outlined that the hackers made use of the Stratum mining protocol, and evaded detection by hiding the IP address of the mining pool server behind CloudFlare, and accordingly kept CPU usage at low levels.
Tesla has confirmed that there is “no indication” that the breach has affected the privacy of its customers or the security of its vehicles.
In a statement to Gizmodo, RedLock CTO Gaurav Kumar outlined that “The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organizations’ compute power rather than their data… In particular, organizations’ public cloud environments are ideal targets due to the lack of effective cloud threat defense programs. In the past few months alone, we have uncovered a number of cryptojacking incidents including the one affecting Tesla.”
“Given the immaturity of cloud security programs today, we anticipate this type of cybercrime to increase in scale and velocity”, Kumar continued to say.
The misappropriation of Tesla’s cloud environment might well be the tip of the iceberg. RedLock has provided estimates that up to 8% of organizations might face cryptojacking attacks in the near future.
A worrying trend
In a recent study conducted on some 750 large-scale British IT businesses, software developer Citrix found that 4% of firms holding cryptocurrencies revealed that they were holding portfolios as a ready ransom in the event of a ransomware attack.
Opera Software, the team behind the popular Opera mobile browser, recently revealed estimates that cryptojacking scripts affect over one billion users around the world, while some three million websites are further predicted to have been exposed to similar malware.
Opera recently made headlines for its decision to add cryptocurrency mining protection as a standard feature across all its mobile browsing platforms.
Have your say!
Could IT businesses and cloud-based providers be forced to take preventative measures to ensure that their platforms do not fall prey to cryptojacking attacks in the near future? How could such firms do so? Be sure to let us know your opinion on Twitter – join the conversation @coininsidercom!