Tesla, the electric car manufacturer based in Palo Alto, California, is the latest victim of crypto-mining malware that allowed the hackers to covertly mine cryptocurrency – an attack known as ‘crypto-jacking’. “We weren’t the first to get to it,” Varun Badhwar, CEO and co-founder of RedLock, told Fortune in a phone conversation. “Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment.” The CGI researchers said they are not certain of the type and the value of currency mined using the stolen power. They were also uncertain as to how long the intruders had access. RedLock Vice President Upa Campbell told Motherboard that, “the crypto mining incidents have increased in tandem with rising cryptocurrency prices. As the values of cryptocurrencies rise we are seeing an epidemic”. Campbell also said that these hackers get easy profits from cryptomining rather than traditional data extraction. “It used to be lucrative for hackers to steal a companies data but hackers will always take the path of least resistance,” she added. “Cryptojacking is a lot easier because they get into the environment and simply leverage the computer systems to generate money.” Meanwhile, Tesla quickly rectified the cryptojacking issue after it was notified by RedLock. A Tesla spokesperson confirmed that no customer data or the safety and security of its vehicles was compromised by the breach. “We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” the spokesperson said. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.” RedLock CTO Gaurav Kumar said businesses should monitor doubtful cyber activities to avoid being exploited. “The message from this research is loud and clear — the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities,” Kumar said in a statement Tuesday. He added: “However, security is a shared responsibility. Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough.”
