Breaking news has revealed that Tesla’s Amazon Web Services account was hacked to mine cryptocurrency. The hack, which was brought to Tesla’s attention by the cybersecurity startup RedLock, also reportedly exposed some of Tesla’s proprietary data related to mapping, telemetry, and vehicle servicing. IT security experts comment below.
Ken Spinner, VP of Field Engineering at Varonis:
“Whenever a compromise or data breach takes place, there’s a tendency to point fingers, but the reality isn’t as clear cut: Security doesn’t have an on/off switch – and it’s important to layer multiple and different security measures to protect underlying data and resources.
AWS provides a number of base-level controls such as two-factor authentication and VPC (Virtual Private Clouds) to help protect accounts, monitor systems and prevent data exfiltration, but it’s not a silver bullet. If credentials are leaked, it is nearly impossible for AWS to determine if the use they are being put to is legitimate. It’s ultimately up to the user to ensure their information remains safe.
Computing needs are increasing and the frameworks for managing, deploying and protecting data are growing more complicated. AWS applications are often a mix of native AWS Services, open source tools and vendor applications – any one of which may have an issue or misconfiguration which allows complete access to an outside party.
Cryptojacking offers hackers a near-immediate return for their efforts, which increases the amount of effort they’re willing to expend on exploiting individual accounts. Compared to the old models of monetizing data breaches — selling credit card numbers or personal account information — cryptojacking is harder to detect, has fewer criminal penalties and offers a larger payday.”
Tim Erlin, Vice President of Product Management and Strategy at Tripwire:
“Mining cryptocurrency requires resources, and there’s no reason that criminals wouldn’t look for the same advantages from the cloud as other organizations.
Why make the effort of getting a human being to pay a ransom when you can use their resources to generate your own?
We’ve seen numerous incidents with insecure configurations at their root. Organizations with cloud infrastructure must establish baselines for secure configurations and monitor them for changes.”