Hackers gained access to the Amazon cloud services of Tesla Inc (NASDAQ:TSLA), a renowned California-based electric car manufacturer, and installed cryptocurrency mining software. Traffic on the port was kept very low so that no one would suspect a cyber attack.
The hackers ran malicious code on a Tesla Kubernetes console that was not password protected. They could exploit sensitive data, including telemetry, stored on Tesla's AWS. They were running cryptocurrency mining operations from one of Tesla's Kubernetes pods.
According to the CSI team, the hackers cleverly used a sophisticated mechanism in this cryptojacking. They used mining pool software in this attack rather than a public mining pool, and configured the script to connect to a semi-public or unlisted endpoint. This evades the watchful eye of the normal IP/domain-based threat intelligence that detects such threats.
The IP address of the cryptomining software is hidden behind a free content delivery network, Cloudflare. The IP address can be changed dynamically, which makes the malicious activity difficult to detect.
The mining software listens on a nonstandard port, and because of the low CPU usage and very low traffic, cybersecurity experts would not be able to detect the threat.
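Because the endpoint's address changes and traffic volume stays low, detection has to key on behaviour rather than IP reputation or byte counts. The following is an added example, not code from RedLock or Tesla; the flow records, pod names, port 9999, thresholds and egress allowlist are constructed assumptions. It flags pods that hold persistent connections on non-allowlisted ports regardless of destination IP, and shows a volume-only baseline missing the same activity.

```python
from collections import defaultdict

# Constructed flow records (not real data): (minute, pod, dst_ip, dst_port, bytes_out)
FLOWS = (
    # Busy but expected HTTPS egress
    [(m, "web-7f9c", "203.0.113.10", 443, 900_000) for m in range(0, 60, 5)]
    # Low and slow on a non-standard port; destination IP rotates halfway through
    + [(m, "batch-x2", "198.51.100.7" if m < 30 else "198.51.100.99", 9999, 1_200)
       for m in range(60)]
    # One-off connection on another non-allowlisted port
    + [(12, "web-7f9c", "192.0.2.44", 8080, 40_000)]
)
ALLOWED_PORTS = {53, 80, 443}  # assumed egress policy for this cluster


def volume_alerts(flows, threshold_bytes=10_000_000):
    """Baseline for comparison: flag pods by total egress bytes only."""
    totals = defaultdict(int)
    for _, pod, _, _, nbytes in flows:
        totals[pod] += nbytes
    return sorted(pod for pod, total in totals.items() if total > threshold_bytes)


def persistent_egress(flows, allowed_ports=ALLOWED_PORTS, min_minutes=30):
    """Flag (pod, port) pairs active for many minutes on a non-allowlisted port.

    Keyed on pod and port, never on destination IP, so an endpoint that
    changes address behind a CDN still accumulates into one finding.
    """
    minutes, ips, total = defaultdict(set), defaultdict(set), defaultdict(int)
    for minute, pod, ip, port, nbytes in flows:
        if port in allowed_ports:
            continue
        key = (pod, port)
        minutes[key].add(minute)
        ips[key].add(ip)
        total[key] += nbytes
    return [
        {"pod": k[0], "port": k[1], "active_minutes": len(minutes[k]),
         "distinct_ips": len(ips[k]), "bytes": total[k]}
        for k in sorted(minutes) if len(minutes[k]) >= min_minutes
    ]


if __name__ == "__main__":
    print("volume-based:", volume_alerts(FLOWS))
    print("persistence-based:", persistent_egress(FLOWS))
```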
However, the RedLock CSI team reported the hacking of Tesla's AWS to Tesla's management, and a patch was installed immediately to thwart the threat.
Cryptojacking activity, which was first noticed 6 months ago, has now matured into a widespread threat. Hackers are now using computing power for illicit activities such as cryptocurrency mining, targeting everyone from massive institutions to individual customers.
According to RedLock, a cloud monitoring and defense firm, Tesla's AWS was running malicious mining software, which was quickly contained in a day. The data leak at the carmaker was minimal.
Cryptojacking is likely to create a big security challenge if not acted on in time, apart from having a huge impact on your electricity bill.