Ever heard of cryptojacking? It’s a new term that explains the use of malware to stealthily gain access to and hijack a victim’s computer network in order to use their computing power to mine cryptocurrencies. This is something that hackers have been ratcheting up of late. To add to the growing list of the big companies targeted by these cyber crooks is Tesla.
Apparently, Tesla has been the unwilling host for a cryptocurrency-mining malware that has evaded detection for some time before researchers at RedLocks ran into it. The malware is found to have gained access to Tesla cars through the company’s cloud network via an unsecured Kubernetes console. Kubernetes is a utility that many companies use to administrate cloud-based software applications. Once in the system, the hackers used Tesla’s system resources to mine cryptocurrencies.
The malware is said to have been operating in such a stealth manner that it could have stayed under the radar for very long had the researchers not taken notice. The hackers hijacked an IP address hosted by Cloudflare, a security company, and then used a dormant port to connect the malware to the internet in an unsuspicious public pool. This made it hard for anyone to notice the hack. Since Tesla is a big company with huge electricity bills and multiple systems running, it would have been almost impossible for anyone within the company to uncover the malware. For its part, RedLocks notified Tesla of the hack and the breach was contained within hours. Tesla doled out a $3,000 reward for the save, which RedLock donated to charity.
According to Gaurav Kumar, who is the CTO of RedLock, such malware attacks have been on the increase especially in the cloud environment. This comes as the prices of various cryptocurrencies rise, extending quite a stake to hackers with interest in them. Luckily, none of Tesla’s customer information was compromised by this hack since the cloud environment is a distributed storage system with various levels of access. However, the hackers are suspected to have had access to some of Tesla's car telemetry and designs.
In the wake of such reports, the focus is trained on the effective use of both home and business computer security systems as well as proper training of personnel in matters computer security. The use of viable antivirus software is encouraged in such vulnerable environments.