Tesla Thwarts Ransomware Attempt

What happened?

A bad actor (27 year old Russian Egor Igorevich Kriuchkov) tried to penetrate Tesla’s network by leveraging a different type of vulnerability – an employee – not through the increasingly popular phishing methodology, but through promising a healthy payday in exchange for taking incredulous actions on the hacker’s behalf. 

According to a Tesla post about the attack, “The plan involved the Tesla employee inserting malware provided by Kriuchkov and his associates to the electric car maker’s systems. After the malware is inserted, a distributed denial of service (DDoS) attack would occur that could allow the hackers to occupy the Tesla information security team. The malware would also allow the hackers to extract corporate and network data, which would be held ransom until the electric car maker pays up. For his participation in the ploy, the Gigafactory Nevada employee would receive $500,000, later raised to $1 million, to be paid in cash or bitcoin.” 

However, as Tesla notes, Kriuchkov was unsuccessful with his efforts resulting in an August 22, 2020 arrest in Los Angeles. The hacker is currently being detained pending trial. “Fortunately for Tesla, the company was able to get away from what could have been a serious cybersecurity attack, and it has one employee to thank for it. It takes a lot, after all, to say no to a $1 million reward, as others have compromised more far more for far less.” 

“The thwarted ransomware attack against Tesla underlines two realities: people are your best asset and critical infrastructure remains a hot target for malicious activity. The swift action taken by the employee who alerted Tesla exemplifies how one person can have a massive impact on operations,” Marty Edwards, vice president of OT security at Tenable tells IndustryWeek. “Because of their swift actions, Tesla was able to alert authorities and avoid a likely devastating and costly breach. This serves as a timely reminder to those operating OT of the high-value cybercriminals place on these mission-critical systems. This is not the first and will certainly not be the last such attempt. Security should remain top-of-mind as bad actors will continue their relentless pursuits to access these sensitive environments.”

The lesson for manufacturers?

An employee's honesty was pivotal in helping Tesla foil this attempt. However, no employer should bank on honesty as a means of covering the enterprise from an attack. The sophistication and craftiness of today’s attackers should be concerning to manufacturers, especially considering how many operating environments are now fully connected. Good security hygiene including timely patches across the network as well as  keeping people up-to-date on internal policies are always good starting points.

"This incident is a perfect example of the need for zero-trust strategies and continuous security monitoring. Zero-trust assumes the adversary is already inside your network, and continuous monitoring alerts the SOC on any signs of suspicious or unauthorized activity, such as malware scanning the network in search of sensitive documents,” says Phil Neray, vice president of IoT & industrial cybersecurity for CyberX, a Microsoft company. “An interesting twist in this case is that the adversary intended to temporarily distract the SOC with a DDoS attack while the data-stealing malware did its work -- and they only needed the malware to be operational for less than 8 hours in order for the attack to be successful."

Simply put, manufacturers need to be diligent in protecting their environments. As security experts often suggest, suffering an attack is never a matter of "if," is it a matter of "when," and perhaps more importantly how damaging the attack will be on the organization.