Hackers infiltrated Tesla (Electric vehicle company) which is in Amazon cloud environment


By MYBRANDBOOK


Hackers infiltrated Tesla (Electric vehicle company) which is in Amazon cloud environment

Hackers infiltrated Tesla (Electric vehicle company) which is in Amazon cloud environment and stole computer resources to mine for cryptocurrency, according to the security firm RedLock. There is new trend in security is going on like cryptojacking incidents. With this a question mark is on whether the public cloud is safe to deploy? Breaches at cloud service providers were almost never the fault of the host-Amazon, Microsoft, Google. As the public cloud security is a shared responsibility. Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities.

 

Public cloud environments are ideal targets due to the lack of effective cloud threat defense programs. According to RedLock’s Cloud Security Report-alert Tesla as soon as about the intrusion and the vulnerability was addressed, where unstructured data was there. The electric vehicle company was reportedly running one of hundreds of open-source systems and the found accessible online without password protection. The exposure allowed hackers to access Tesla’s Amazon cloud environment, RedLock said.

 

Tesla spokesperson said there is “no indication” the breach impacted customer privacy or compromised the security of its vehicles. “We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.

 

According to RedLock, mining cryptocurrency is likely a more valuable use of Tesla’s servers than the data it stores. The crooks employed cryptocurrency mining software called Stratum, but the researchers said they were uncertain of the type and amount of virtual loot mined. They were also unsure how long the intruders had access. The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organizations’ compute power rather than their data.

 

The hackers hid their tracks using Stratum mining protocpl and find the clever tricks of hiding true IP address of mining pool server by keeping CPU usage low demanded by the cryptomining software and to mask their Internet addresses behind services offered by CloudFlare.

 

Organizations need to proactively monitor their public cloud environments for risky resource configurations, signs of account compromise, and suspicious network traffic just as they do for their on premise environments. It is advised not to share the root user account to be used to perform activities-behavior that goes against security best practices and in some cases user accounts that have potentially been compromised, reason being databases are not properly encrypted.

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org