Cloud security intelligence (CSI) firm RedLock has exposed a new case of cryptojacking targeting Tesla’s Amazon Web Service’s (AWS) software container, the RedLock blog reported yesterday, Feb. 20.
Hackers accessed Tesla’s AWS access credentials by penetrating a non-password protected Kubernetes software container. The hackers then used the Kubernetes container to mine for cryptocurrencies, for an as of yet unknown amount of time.
RedLock’s CSI team exposed a similar hack of AWS for Bitcoin (BTC) mining purposes at companies Aviva and Gemaltо in October of last year. These companies, like Tesla, did not have passwords for their admin consoles.
The Tesla hack was well disguised--the hackers didn’t use an already-known mining pool, but instead put in their own mining pool software than connected the malicious script to an “unlisted” endpoint, complicating the ability to detect any suspicious activity.
The hackers also kept their CPU usage low to prevent being spotted, and hid the mining pool’s IP address behind free content delivery network CloudFlare, RedLock reports.
Tesla had already made the news last year for an innovative way to use their technologies to mine Bitcoin in a way completely unintended by the company. In December 2017, the owner of a Tesla S electric car reported that he had been mining Bitcoin with his car’s supercharger, placing a mining rig in the trunk.
RedLock’s blog post detailing the hack, titled, “Lessons from the Cryptojacking Attack at Tesla,” ends with suggestions to companies to prevent similar cryptojacking incidents in the future, namely monitoring configurations, network traffic, and suspicious user behavior.
And, as TechCruch adds, “at least [using] a password.”
By Molly Jane Zuckerman