The strange new breed of malicious cryptocurrency miners spares no one, it seems: Tesla is the latest to be struck by this trendy form of hackery. A poorly secured cloud computing setup let them waltz right in.
It’s only the latest example of several detected by cloud security outfit RedLock, which has tracked a series of Kubernetes admin consoles wide open to anyone looking. Not even password-protected.
If RedLock could find them, so could hackers — and they did. By logging in and carefully disguising the cloud computing usage and associated traffic, they managed to quietly mine using Tesla’s AWS pod for… well, it’s anybody’s guess how long. And given the volatility of cryptocurrency markets these days, it’s also anybody’s guess how much and of what coin.
Obviously, the solution here is to have literally any kind of security on your infrastructure. But hackers are clever and companies should also be watching for unusual levels of traffic and other usage indicators, and also monitor for non-standard user behaviors. But seriously, at least a password.