New research from the RedLock CSI team revealed that the latest victim of cryptojacking is Tesla. While the attack was similar to the ones at Aviva and Gemalto, there were some notable differences. The hackers had infiltrated Tesla’s Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.
In addition to the data exposure, hackers were performing crypto mining from within one of Tesla’s Kubernetes pods. The team noted some sophisticated evasion measures that were employed in this attack.
Unlike other crypto mining incidents, the hackers did not use a well known public “mining pool” in this attack. Instead, they installed mining pool software and configured the malicious script to connect to an “unlisted” or semi-public endpoint. This makes it difficult for standard IP/domain based threat intelligence feeds to detect the malicious activity.
The hackers also hid the true IP address of the mining pool server behind CloudFlare, a free content delivery network (CDN) service. The hackers can use a new IP address on-demand by registering for free CDN services. This makes IP address based detection of crypto mining activity even more challenging.
Moreover, the mining software was configured to listen on a non-standard port which makes it hard to detect the malicious activity based on port traffic.
Lastly, the team also observed on Tesla’s Kubernetes dashboard that CPU usage was not very high. The hackers had most likely configured the mining software to keep the usage low to evade detection.
The RedLock CSI team immediately reported the incident to Tesla and the issue was quickly rectified.
TheBitcoinNews.com – Bitcoin News source since June 2011 –
Virtual currency is not legal tender, is not backed by the government, and accounts and value balances are not subject to consumer protections. TheBitcoinNews.com holds several Cryptocurrencies, and this information does NOT constitute investment advice or an offer to invest.
Everything on this website can be seen as Advertisment and most comes from Press Releases, TheBitcoinNews.com is is not responsible for any of the content of or from external sites and feeds. Sponsored posts are always flagged as this, guest posts, guest articles and PRs are most time but NOT always flagged as this. Expert opinions and Price predictions are not supported by us and comes up from 3th part websites.
Advertise with us : Advertise
Our Social Networks: Facebook Instagram Pinterest Reddit Telegram Twitter Youtube
