Tesla Becomes Victim of Cryptocurrency Mining Malware Attack
Electric automotive firm Tesla has reportedly become the latest victim of cryptojacking.
Cybersecurity software company RedLock announced on Tuesday that hackers had infiltrated Tesla’s Kubernetes console, which wasn’t password protected. As a result, access credentials for Tesla’s Amazon Web Services (AWS) environment were exposed. That environment contained an Amazon S3 (Amazon Simple Storage Service) bucket holding sensitive data such as telemetry.
In addition to exposing data, the hackers were able to use Tesla’s computing power to mine cryptocurrencies. According to the team, more sophisticated evasion measures were employed in this malware attack. Among other things, the team noted:
“Unlike other crypto mining incidents, the hackers did not use a well known public ‘mining pool’ in this attack. Instead, they installed mining pool software and configured the malicious script to connect to an ‘unlisted’ or semi-public endpoint. This makes it difficult for standard IP/domain based threat intelligence feeds to detect the malicious activity.”
The team reported the incident to Tesla, and the issue was rectified.
RedLock claims that it has found hundreds of Kubernetes administration consoles lacking the necessary password protection. Aviva, a British multinational insurance company, and Gemalto, the world’s biggest manufacturer of SIM cards, are among the organisations that didn’t have any passwords in place, according to RedLock. The firm determined that, as a result, hackers had secretly infiltrated these companies’ public cloud environments and were using the computing power to mine cryptocurrencies.
As interest in the cryptocurrency market continues to rise, so too does the threat from hackers. As technology advances, criminals are shifting their focus from stealing data to stealing computing power in order to mine digital currencies. The start of the year has already shown how this nefarious activity is targeting victims.
Last week Ethereum World News reported that Russian security firm Kaspersky Lab had discovered that hackers were exploiting a zero-day vulnerability in Telegram’s desktop messaging app. According to the team, the hackers were using victims’ computing power to mine Monero, Zcash, and Fantomcoin.
Meanwhile, the U.K.’s data protection regulator, the Information Commissioner’s Office (ICO), was reported to have taken down its website after it was infected by malware earlier this month. The malware was added to websites’ code through Browsealoud, a plugin that helps blind and partially sighted people access the Internet. The software, Coinhive, then used victims’ computing power to mine Monero. More than 5,000 websites were affected as a result.