Hackers stole information and compute resources for cryptojacking from an AWS S3 bucket, according to RedLock.
Hackers broke into Tesla's public cloud environment, gaining access to non-public Tesla data and stealing compute resources within the company's Amazon Web Services (AWS) environment for cryptojacking, according to a new report from security firm RedLock.
RedLock researchers immediately informed Tesla of the hack, and the vulnerabilities have been addressed, the report noted.
Organizations that continue to employ poor user and API access hygiene, as well as ineffective visibility and user activity monitoring, are more vulnerable to breaches, according to the report. Some 73% of organizations allow the root user account to be used to perform activities, which goes against security best practices. And 16% of organizations have user accounts that have potentially been compromised, the report stated.
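The root-usage and monitoring findings above are the kind of thing a defender can check directly in CloudTrail, the AWS API audit log. The following is an added example, not code from the article or from RedLock: it scans CloudTrail records (the `userIdentity.type`, `eventName` and `additionalEventData.MFAUsed` fields are real CloudTrail fields) and flags any API call or console sign-in made with root credentials, rating a root sign-in without MFA or a root call that mints new credentials as high severity. The sample records are constructed for the example; the account id and IP addresses are placeholders.

```python
import json
from typing import Iterable, List, Optional

# Constructed sample CloudTrail records for this example. They are not events
# from the Tesla incident or from RedLock's report; account id and source IPs
# are placeholders.
SAMPLE_TRAIL = [
    {"eventTime": "2018-02-20T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "111122223333"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2018-02-20T10:01:12Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "111122223333"}},
    {"eventTime": "2018-02-20T10:03:45Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "IAMUser", "userName": "deploy-bot"}},
    {"eventTime": "2018-02-20T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "111122223333"}},
]

# Root calls that create new long-lived credentials or principals deserve the
# highest severity: they let an attacker persist without the root password.
CREDENTIAL_MINTING = {"CreateAccessKey", "CreateUser", "CreateLoginProfile"}


def is_root(event: dict) -> bool:
    """True when the call was made with the account's root credentials."""
    return event.get("userIdentity", {}).get("type") == "Root"


def classify(event: dict) -> Optional[str]:
    """Return a severity for root activity, or None for non-root events.

    high:   root console sign-in without MFA, or root minting credentials
    medium: any other API call made as root (still against best practice)
    """
    if not is_root(event):
        return None
    name = event.get("eventName", "")
    if name == "ConsoleLogin":
        # MFAUsed is only present on sign-in events; treat absence as "No".
        mfa = event.get("additionalEventData", {}).get("MFAUsed", "No")
        return "high" if mfa != "Yes" else "medium"
    if name in CREDENTIAL_MINTING:
        return "high"
    return "medium"


def scan(events: Iterable[dict]) -> List[dict]:
    """Produce one finding per root-credential event, in log order."""
    findings = []
    for ev in events:
        severity = classify(ev)
        if severity is None:
            continue
        findings.append({
            "severity": severity,
            "time": ev.get("eventTime"),
            "action": f"{ev.get('eventSource')}:{ev.get('eventName')}",
            "source_ip": ev.get("sourceIPAddress"),
        })
    return findings


def load_trail(path: str) -> List[dict]:
    """Read a CloudTrail log file; CloudTrail wraps events in a 'Records' list."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh).get("Records", [])


if __name__ == "__main__":
    # Replace SAMPLE_TRAIL with load_trail("<your-cloudtrail-file>.json") for real data.
    for finding in scan(SAMPLE_TRAIL):
        print(json.dumps(finding))
```

On the constructed sample this yields three findings: the MFA-less root sign-in (high), the root `ListBuckets` call (medium) and the root `CreateAccessKey` call (high); the IAM user's `RunInstances` is ignored. In practice the same logic runs over CloudTrail files pulled from the trail's S3 bucket, and any root finding at all is a signal that the root account is being used for day-to-day work rather than locked away.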
The cloud also continues to create security problems for many enterprises, the report found. While the Spectre and Meltdown vulnerabilities should serve as a wake-up call for organizations to address security in the cloud, the report found that 83% of vulnerable hosts in the cloud are receiving suspicious traffic.
Last year, RedLock found that hundreds of Kubernetes administration consoles were accessible over the internet without password protection, and were leaking credentials to other critical applications.
In this Tesla hack, the cybercriminals gained access to Tesla's Kubernetes administrative console, which exposed access credentials to Tesla's AWS environment and provided access to non-public Tesla data stored in Amazon Simple Storage Service (S3) buckets.
This is far from the first security incident involving S3 buckets: Last week, critical FedEx customer data was left exposed after an unsecured AWS S3 storage server was found without even a simple password protecting it. Similar leaks involving S3 buckets have been experienced at Dow Jones, Verizon, and GOP analytics firm Deep Root Analytics.
The hackers also performed cryptojacking using Tesla's cloud compute resources, and used techniques such as mining pool software to hide their activity. Some 8% of organizations have been impacted by cryptocurrency mining, the report found, though it often goes unnoticed. Cryptocurrency mining has led to strong demand for GPUs, making them harder to obtain for scientific research and gaming.
"The message from this research is loud and clear--the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities," Gaurav Kumar, CTO of RedLock, said in a press release. "In our analysis, cloud service providers such as Amazon, Microsoft and Google are trying to do their part, and none of the major breaches in 2017 was caused by their negligence. However, security is a shared responsibility: Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough."