In February, Fortune, Wired, and other media outlets reported that hackers worked their way into automaker Tesla’s Amazon Web Services (AWS®) cloud account to mine for cryptocurrency. These so-called “cryptojacking” attacks are on the rise in concert with escalating cryptocurrency prices, prompting hackers to gain access to company networks to generate these virtual forms of tender. It’s yet another facet of cybersecurity to keep IT experts up at night, wondering who will be hit next.
Cryptocurrency…What Is That Again?
As a refresher, a cryptocurrency is a digital or virtual currency secured through cryptography, which makes it hard to counterfeit. Bitcoin is probably the most well-known example. Cryptocurrencies are decentralized, can be used anonymously in transactions, and aren’t subject to government regulation. Because of this lack of oversight, they are perfect for illegal activities such as tax evasion and money laundering. Cryptocurrencies make use of blockchain, a secure, online ledger technology for recording and verifying transactions in a permanent way.
From Bad to Worse
Fortunately for Tesla, researchers from cybersecurity firm RedLock discovered the intrusion. However, the attack itself was possible because Tesla’s credentials were available on an unsecured IT administrative console—with no password protection. Said another way, Tesla forgot to lock the door. In addition to mining for cryptocurrency, the attackers were able to access other sensitive information such as vehicle servicing and mapping data. The researchers couldn’t determine how long the hackers had access to Tesla’s account, or the amount of cryptocurrency they were able to mine, but they found evidence that the cryptocurrency software Stratum had been used.
An Ounce of Prevention
Tesla acted quickly to secure its files, but the fact that this intrusion happened at all is a major red flag. Although cybersecurity threats are everywhere, and ingenious hackers seem to think up new ways to get into sensitive information every day, this is one of those cases where it was all too easy to commit a crime. Why? Because the information was essentially sitting out there for anyone to find and use for their own purposes.
Avoiding this type of scenario takes a proactive approach to your IT infrastructure. Security Auditor automatic cloud system discovery and auditing would have found additional AWS systems as they were deployed. In addition, Tesla administrators would have received alerts of those findings, thwarting this or any similar type of attack. The solution works by automatically applying security controls on the systems it discovers. It reports on any audits that fail to meet corporate standards. Incorrect configurations, unapproved users, and any non-approved running services would have been reported.
In concert with Security Auditor, Event Manager provides centralized logging and auditing of security alerts and events within IT environments. By normalizing the various data streams and prioritizing the criticality of security events, you can quickly and clearly identify security incidents and take appropriate action to resolve the issues and secure your environment.