Experts React as Musk Confirms Russian Hack Targeted Tesla Factory

US authorities arrested and charged a Russian national in the US who was recruiting and convincing a Tesla employee to install malware at the Tesla factory in Nevada. Tesla CEO Elon Musk also confirmed the plot in a tweet. Cybersecurity experts reacted to the plot.

Expert Comments

September 01, 2020
Matt Walmsley
EMEA Director
Vectra
Ransomware attackers seek internal access to privileged entities associated with accounts, hosts, and services given the unrestricted access they can provide and the ease of replication and propagation. In this case, the recruitment or coercion of a Tesla insider to aid the attempted deployment of malware tools to stage their attack shows the lengths ransomware groups will go to. Ransomware operators have evolved into using “name and shame” tactics whereby the victim’s data is exfiltrated prior to encryption and used to leverage ransomware payments. These bullying tactics are making attacks even more expensive, and they are not going to stop any time soon, particularly within the current climate. These attackers will attempt to exploit, coerce, and capitalise on organizations’ valuable digital assets. Attackers will maneuver themselves through a network and make that step from a regular user account, to a privileged account, which can allow them to deploy their tools and identify the data they need in order to finalise their ransomware attack and bribe their victims. Kudos to Tesla and the FBI in identifying and thwarting the reported attack but in most cases, organisations can’t rely on external prior notification or assistance. Therefore, security teams need to be agile as time is their most precious resource in dealing with ransomware attacks and malicious insider behaviors. Early detection and response are key to gaining back control and stopping the attackers in their tracks before they can propagate across the organisation, stealing and denying access to data and services.
August 31, 2020
Warren Poschman
Senior Solutions Architect
comforte AG
As the threat landscape continues to get nastier by the day, ransomware attacks like the one attempted against Tesla are still at the forefront and on the rise. What’s interesting about the Tesla attempt is that the attackers attempted to co-opt Tesla employees with the promise of a big payout – something that they fortunately turned down. However, in many cases this story has the potential to end differently with systems compromised and data exposed. Organizations need to ensure that the security measures they enact to protect data are still viable even when internal resources are compromised or data is exposed. Data-centric security offers the most benefit by allowing data to be protected and remain secure even if it is shared, stolen, or misused – effectively nullifying both external and internal threats.
August 31, 2020
Andrea Carcano
Co-founder and CPO
Nozomi Networks
Ransomware attackers are demanding higher ransoms, aimed at larger and more critical organizations, echoing a trend we identified in a recent study of common threats. The proliferation and complexity of ransomware attacks signify the growing need for organizations to take the necessary steps to secure their systems. It is never advisable to pay the ransom, and organizations that give in to the hackers’ demands are only fueling the profitability of the ransomware industry for attackers. As a result, when it comes to ransomware, prevention will always be better than a cure. We applaud Tesla for acting so quickly in this case. What more can be done? Organizations should deploy artificial intelligence and machine learning tools that can help identify cyber threats in real-time and resolve issues before harm is done. A robust cyber defense strategy is the first line of defense against a ransomware attack.
August 31, 2020
Katie Nickels
Director of Threat Intelligence
Red Canary
This indictment represents an interesting convergence of external threats and insider threats, which professionals traditionally have thought of separately. In particular, ransomware is generally perceived as an external threat - it’s often delivered through emails or websites. Before this indictment, many organizations likely did not have insider-enabled ransomware in their threat model, but they should now consider this possibility. With traditional ransomware, many defenders are able to stop ransomware before it encrypts data. If an insider has physical access, stopping this kind of attack becomes much more challenging, as defenders are not used to handling. The indictment contains many details about the tradecraft the Russian national coached the employee on, such as using WhatsApp and airplane mode on their phone. We often would connect this type of tradecraft with fairly advanced adversaries, often those conducting espionage - yet there is no mention of espionage in this indictment. We have seen recent ransomware attacks by Maze operators in which they have begun to extort victims by threatening to release data if they do not pay the ransom, which is a step up from the traditional ransomware that simply encrypts data. This indictment demonstrates another level of sophistication and challenges for defenders, specifically by raising the possibility that adversaries could leverage insider threats to gain access to and execute malicious software in a target environment. We know traditional ransomware is still effective and we can’t say for sure why some adversaries choose to change tactics, but it is possible that higher ransoms demand higher sophistication to have success. Another interesting aspect of this indictment is that the adversaries planned to conduct a Distributed Denial of Service (DDoS) attack to distract from the ransomware. DDoS providing cover for espionage or criminal attacks is something analysts have hypothesized about, but there hasn’t been much public evidence of it actually occurring.
August 28, 2020
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin
This attempt to attack Tesla through a ‘malicious insider’ is a brazen, if not rare, attempt to infiltrate a system. It does, however, highlight that cyber threats come in many forms. Always remember our employees are our greatest asset. We need to nurture our Trust and Security relationship with them daily. Open and honest communications from leadership across all topics, including information security threats that the organisation faces, are what is needed. This includes educating employees on the consequences that they, as well as the organisation itself, might incur should they participate in insider threat activity.
August 28, 2020
Sam Curry
Chief Security Officer
Cybereason
The allegations and arrest of a Russian in an alleged plot to hack Tesla read like a real movie script. Tesla is a hot tech company that is strategically important for the U.S. economy and it's tied to other important companies: SpaceX, Hyperloop, Starlink and more. Enter a Russian spy, the use of an ostensibly secure messaging app, four years of patience and trying to turn an insider. What is remarkable is that the insider did the right thing and worked with authorities. How many other companies have been similarly targeted without having an employee do the right thing? Whether due to security awareness training or simply personal integrity, the result is the same, the bad guy was caught and a potential disaster was averted. This is an important reminder that there are groups outside seeking to take down companies, and they can bring crazy resources to bear. In the old days, the government and military-industrial complex were targeted. Today, the private sector and high-tech industries are squarely in the crosshairs. Relating to the reported extortion amounts, whether it's 250K, 500K or $1Million, that is a lot of money to put into a ‘hack’ which, but for the ‘malware exfiltrating’, could be the plot of a WW2 movie. The big question is whether this is simply a hack-for-cash grab or are there strategic interests behind it? There is some tradecraft here reminiscent of old school espionage. Also, did the hackers really think that Elon Musk would cover it up or is the real intent not financial? To answer the question, we would have to know the hackers. In the old days, we would see rebels and terrorists working together with rogue nation-states. Is this a ransomware gang because it smells bigger than that? Is it one of several petty gangs funded and backed by a state agency like GRU? Or is it straight up espionage like in the old days? Losses in similar hacks can be catastrophic. What could be lost? IP that could be used to bootstrap a rival tech company, like China allegedly did with Huawei. Or data that could be used to blackmail or harass or outright assault wealthy customers. Perhaps, it is to gain the most vital of resources: data.
August 28, 2020
Jake Moore
Cybersecurity Specialist
ESET
Some of the biggest threats come from physical access to a network, and the insider threat can be extremely difficult to protect against. Employees with knowledge coupled with access can be extremely dangerous and create far more problems than external attacks, which highlights the importance of limiting user privileges where possible. However, this attack seems to have cleverly just required user rights to place a file on the network – something most employees would have been able to achieve without any alarm bells ringing. Whether via a disgruntled employee or through cleverly directed social engineering, this can have devastating consequences. Although highly unlikely to happen often, awareness and education for all employees is the best defence in mitigating against this sort of bribery.