Elon Musk confirmed on Twitter that Tesla avoided an attempted cyberattack on the company by a Russian hacker, who is now in the U.S. government’s custody. Meanwhile, customers of Twilio-owned email marketing platform SendGrid were victimized by account takeover attacks (ATO) that exposed user data and credentials.
Tesla Dodges a ‘Serious’ Bullet
Tesla became a target of a Russian hacker who wanted to use an insider to cripple the company’s network with malicious malware and block access to data until a ransom was paid. The FBI has arrested a Russian national for conspiring to launch a planned cyberattack on the electric automaker. A criminal complaint has been filed against Egor Igorevich Kriuchkov who attempted to collude with a Tesla employee working at the company’s Gigafactory Nevada.
The unidentified employee, a Russian-speaking immigrant, was approached by Kriuchkov in July to carry out the malicious attack that could have brought down Tesla’s Nevada Gigafactory, first reported by Electrek. FBI’s complaint suggests that the operation was well-planned with the Tesla owner attesting to it. Musk tweeted:
The plan was to infiltrate Tesla’s network with DDOS-capable malware, through one of Tesla’s employees. The malware would launch a DDoS attack chain, eventually opening up a way for corporate and network data exfiltration. The hacker’s goal was to exfiltrate data and then extract ransom from the company.
The Tesla employee was reportedly offered a $1 million bribe for crippling Tesla’s network with malware. Instead of taking the bait, the employee reported the malicious planned cyberattack to the company, which in turn got in touch with the federal intelligence and security service. They then continued to operate as a double agent by communicating with Kriuchkov, taking a cue from the FBI.
The FBI stepped in to arrest Kriuchkov once he revealed his shadowy connections and that they received a $4 million ransom from a high profile company for a ransomware attack that put down 30,000 of its computers, wherein attackers managed to steal reams of sensitive corporate files.
The Department of Justice (DOJ) stated in a release, “A Russian national made his initial appearance in federal court Monday for his role in a conspiracy to recruit an employee of a company to introduce malicious software into the company’s computer network, extract data from the network, and extort ransom money from the company.” Kriuchkov was arrested on his way out of LAX on August 22 and has been detained pending trial.
SendGrid’s Lack of MFA Made It Hackable
In other news, email marketing platform SendGrid is the latest victim of account takeover attacks. User data and credentials are up for sale on the dark web. Twilio or SendGrid did not reveal how many accounts were hacked. Krebs on Security found an individual going by the name Krotomatix who’s selling over 400 such compromised accounts. Krebs’s report states, “Accounts that can send up to 40,000 emails a month go for $15, whereas those capable of blasting 10 million missives a month sell for $400.”
SendGrid’s hack is especially concerning because it can be used by other hackers to get access and then send large volumes of emails laden with spam, malware, phishing links, or anything else. And because SendGrid systems can bypass spam-filtering mechanisms in place by almost a majority of email clients, the threat becomes even more damaging.
The absence of identity access management (IAM) methods like two-factor authentication (2FA) and MFA is touted as one of the key reasons for the hack. This has been a common occurrence across email delivery clients for some time, and faced with negative coverage, SendGrid and Twilio are now upping the ante on more secure authentication techniques.
Torsten George, Cybersecurity Evangelist at Centrify told Bank Info Security, “It’s actually quite shocking that an organization that works with business customers for marketing purposes didn’t already have multi-factor authentication in place for users, and implementing it as a requirement is a critical first step that should happen urgently.”
While 2FA is available for Sendgrid accounts, it is not mandatory. Sendgrid’s parent Twilio said they are now getting serious about going beyond the usual username and password. Steve Pugh, Chief Security Officer at Twilio told Krebs on Security, “Twilio believes that requiring 2FA for customer accounts is the right thing to do, and we’re working towards that end. 2FA has proven to be a powerful tool in securing communications channels. This is part of the reason we acquired Authy and created a line of account security products and services.”
Let us know if you liked this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!