Technologist - The FindLaw Legal Technology Blog

Hackers 'Cryptojack' Tesla Cloud

Just when you thought you had a grasp of cybersecurity, criminals have found another way to hack your computers: cryptojacking.

Tesla recently discovered the problem on its cloud system. The company quickly reported that it did not affect customer privacy or vehicle security.

But the breach illustrates another reason to double-down on cybersecurity measures. It's no time to risk some hacker taking over your computers.

Cryptojacking

Redlock, which tests cloud security, notified Tesla of the break-in. Tesla was running open-source systems, and hackers accessed the company's Amazon cloud environment.

"The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organizations' compute power rather than their data," RedLock CTO Gaurav Kumar told Gizmodo. "In particular, organizations' public cloud environments are ideal targets due to the lack of effective cloud threat defense programs."

Kumar said his team has uncovered a number of cryptojacking incidents in the past few months. He said the cybercrime will likely increase because cloud security programs are "immature."

"Organizations need to proactively monitor their public cloud environments for risky resource configurations, signs of account compromise, and suspicious network traffic just as they do for their on-premise environments," he said.

Account Credentials

In a new report, RedLock describes its recent studies into cybercrime. The company says cloud environments are especially at risk.

"Most notably, the research suggests that cryptojacking will become a serious issue in AWS, Azure, and Google Cloud environments and the primary attack vector will be compromised account credentials," the report says.

In Tesla's case, the security firm said hackers attacked a mining protocol and evaded detection by hiding the true IP address. Kumar said most organizations will never know they've been attacked by cryptojackers.

Tesla said it has a bug bounty program to address such problems, and handled it within hours of discovery.

Related Resources: