Crooks find poorly secured access credentials, use them to install stealth miner.
by Dan Goodin – Feb 20, 2018 7:21 pm UTC
Add Tesla to the legion of organizations that have been infected by cryptocurrency-mining malware.
In a report published Tuesday, researchers at security firm RedLock said hackers accessed one of Tesla’s Amazon cloud accounts and used it to run currency-mining software. The researchers said the breach in many ways resembled compromises suffered by Gemalto, the world’s largest SIM card maker, and multinational insurance company Aviva. In October, RedLock said Amazon and Microsoft cloud accounts for both companies were breached to run currency-mining malware after hackers found access credentials that weren’t properly secured.
The initial point of entry for the Tesla cloud breach, Tuesday’s report said, was an unsecured administrative console for Kubernetes, open source software that companies use to deploy and manage large numbers of cloud-based applications and resources.
“The hackers had infiltrated Tesla’s Kubernetes console which was not password protected,” RedLock researchers wrote. “Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.”
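The credential exposure RedLock describes, AWS keys sitting in a pod spec where anyone with console access can read them, is something defenders can hunt for themselves. The script below is an added example written for this article, not code from RedLock or Tesla. It takes the JSON that `kubectl get pods --all-namespaces -o json` produces and reports every AWS access key ID or sensitive-looking environment variable stored as a literal value, while leaving `valueFrom.secretKeyRef` references alone. The embedded pod list is constructed for the example (the key values are AWS's published example credentials, and the pod and bucket names are hypothetical).

```python
"""Scan Kubernetes pod specs for AWS credentials stored as literal values."""
import json
import re
import sys

# AWS access key IDs carry a fixed prefix and length, which makes them easy to spot.
AWS_ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Env var names that should only ever come from a Secret, never from a literal value.
SENSITIVE_NAME_RE = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|ACCESS_KEY", re.IGNORECASE)

# Constructed sample pod list (not Tesla's). Key values are AWS's published example keys.
SAMPLE_PODS = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "telemetry-ingest"},
     "spec": {"containers": [{"name": "ingest", "env": [
         {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
         {"name": "AWS_SECRET_ACCESS_KEY", "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
         {"name": "S3_BUCKET", "value": "telemetry-archive"}]}]}},
    {"metadata": {"namespace": "batch", "name": "batch-export"},
     "spec": {"containers": [{"name": "export",
         "args": ["--bucket=telemetry-archive", "--aws-key=AKIAIOSFODNN7EXAMPLE"]}]}},
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"containers": [{"name": "web", "env": [
         {"name": "AWS_SECRET_ACCESS_KEY",
          "valueFrom": {"secretKeyRef": {"name": "aws-creds", "key": "secret"}}}]}]}},
]})


def _mask(value):
    """Keep only the first four characters so the report does not re-leak the secret."""
    return value[:4] + "*" * max(0, len(value) - 4)


def find_exposed_credentials(pod_list_json):
    """Return one finding per literal credential in a `kubectl get pods -o json` document.

    Only literal env `value` entries and command/args strings are flagged. A
    `valueFrom` entry is a reference to a Secret, not a literal, and is skipped.
    """
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod.get("metadata", {})
        where = {"namespace": meta.get("namespace", ""), "pod": meta.get("name", "")}
        spec = pod.get("spec", {})
        for container in spec.get("containers", []) + spec.get("initContainers", []):
            cname = container.get("name", "")
            for env in container.get("env", []):
                value = env.get("value")
                if value is None:  # valueFrom: a reference, not a literal
                    continue
                name = env.get("name", "")
                if AWS_ACCESS_KEY_RE.search(value):
                    findings.append({**where, "container": cname, "location": f"env:{name}",
                                     "reason": "AWS access key ID literal", "value": _mask(value)})
                elif SENSITIVE_NAME_RE.search(name):
                    findings.append({**where, "container": cname, "location": f"env:{name}",
                                     "reason": "sensitive-looking env var with literal value",
                                     "value": _mask(value)})
            for field in ("command", "args"):
                for arg in container.get(field, []):
                    if AWS_ACCESS_KEY_RE.search(arg):
                        findings.append({**where, "container": cname, "location": field,
                                         "reason": "AWS access key ID in " + field,
                                         "value": _mask(arg)})
    return findings


if __name__ == "__main__":
    # Usage: kubectl get pods --all-namespaces -o json | python3 scan_pod_creds.py
    data = SAMPLE_PODS if sys.stdin.isatty() else sys.stdin.read()
    for finding in find_exposed_credentials(data):
        print(json.dumps(finding))
```

Run against the sample, the script reports the two literal keys in `telemetry-ingest` and the key passed on the command line of `batch-export`, and stays silent on `web`, whose secret comes from a Secret reference. Note that a Secret reference only moves the problem: anyone who can read the pod spec through an unauthenticated console can usually read the Secret too, so the console itself still has to be authenticated.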
The attackers hid the malware behind an IP address hosted by security firm Cloudflare. They also configured the mining software to use a non-standard port to reach the Internet and to connect to an unlisted or semi-public endpoint rather than well-known mining pools. The attackers also likely ratcheted down the amount of CPU resources used to mine the digital coin. Each measure defeats a common indicator: blocklists of known pool addresses and ports, and alerts on CPU spikes. Together they made the illicit mining harder to detect and lowered the chances of it being shut down.
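The evasion steps above are aimed at indicator-based detection, and a small model shows why. The code below is an added example for this article, not RedLock's or Tesla's tooling. It runs three rules over a constructed set of per-process connection records: a known-pool-port blocklist, a CPU-spike threshold, and an egress allowlist that flags any long-lived connection a workload is not expected to make. The workload names, the hypothetical process name `svc-helper`, the TEST-NET address standing in for a fronted endpoint, and the baseline itself are all assumptions made for the example.

```python
"""Why pool-port and CPU-threshold rules miss a throttled miner, and an egress baseline does not."""

# Representative ports used by public mining pools (illustrative list, not authoritative).
# A non-standard port, as in the attack described above, sidesteps this entirely.
KNOWN_POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 14444}

# Constructed egress baseline: the destinations each workload is expected to reach.
# In practice this comes from NetworkPolicy or from observed traffic during a clean period.
EGRESS_BASELINE = {
    "telemetry-ingest": {("s3.amazonaws.com", 443), ("kafka.internal", 9092)},
}

# Constructed connection records, one per (process, destination):
# (workload, process, dst_host, dst_port, seconds_open, cpu_percent).
# The last record models the miner: fronted IP (TEST-NET address, hypothetical),
# non-standard port, long-lived connection, CPU deliberately kept low.
SAMPLE_FLOWS = [
    ("telemetry-ingest", "ingestd", "s3.amazonaws.com", 443, 15, 4.0),
    ("telemetry-ingest", "ingestd", "kafka.internal", 9092, 3600, 6.0),
    ("telemetry-ingest", "ingestd", "10.0.0.2", 53, 1, 0.1),
    ("telemetry-ingest", "svc-helper", "203.0.113.10", 8443, 7200, 22.0),
]


def flag_by_known_ports(flows):
    """Indicator rule: destination port is a known pool port."""
    return [f for f in flows if f[3] in KNOWN_POOL_PORTS]


def flag_by_cpu_threshold(flows, threshold=80.0):
    """'Miners peg the CPU' rule: flag any process at or above the threshold."""
    return [f for f in flows if f[5] >= threshold]


def flag_by_baseline(flows, baseline, min_seconds=300):
    """Allowlist rule: a long-lived connection to a destination the workload is
    not expected to reach is suspicious regardless of port, fronting or CPU use."""
    hits = []
    for workload, process, host, port, seconds_open, cpu in flows:
        if seconds_open < min_seconds:
            continue  # short lookups and health checks are noise for this rule
        allowed = baseline.get(workload)
        if allowed is None:
            hits.append({"workload": workload, "process": process, "dst": (host, port),
                         "reason": "no egress baseline for workload"})
        elif (host, port) not in allowed:
            hits.append({"workload": workload, "process": process, "dst": (host, port),
                         "reason": f"unexpected egress, cpu {cpu:.0f}%"})
    return hits


if __name__ == "__main__":
    print("known ports:", flag_by_known_ports(SAMPLE_FLOWS))
    print("cpu threshold:", flag_by_cpu_threshold(SAMPLE_FLOWS))
    print("baseline:", flag_by_baseline(SAMPLE_FLOWS, EGRESS_BASELINE))
```

On the sample, the first two rules return nothing: no pool port is used and the miner never crosses the CPU threshold. Only the baseline rule surfaces the `svc-helper` connection, because it asks what the workload should be doing rather than what known miners look like. The same logic is what an egress NetworkPolicy enforces preventively.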
Besides permitting attackers to run the mining malware, RedLock said the breach also exposed certain non-public Tesla data, including sensitive telemetry information related to Tesla cars. RedLock said it reported the breach to Tesla, and the systems were quickly disinfected.
In an email, a Tesla representative wrote: “We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
The breach involving Tesla is only the latest example of companies that should know better failing to properly secure their cloud accounts. Besides the Amazon and Microsoft Azure breaches of Gemalto and Aviva accounts, researchers recently found a mountain of sensitive Federal Express customer data exposed on a publicly accessible Amazon storage site, where it had remained available to anyone, possibly for years. Researchers are also reporting that cryptocurrency malware is rendering some companies unable to operate.