Tesla’s Cloud Hit With Cryptocurrency Mining Hack

Voyager

Corporate cryptocurrency mining hacks are becoming more and more pervasive, with the latest victim being premium electric car maker Tesla. Researchers at cybersecurity firm RedLock stated in a report published Tuesday that hackers accessed one of Tesla’s Amazon cloud accounts and used it to run cryptocurrency mining software.

In the report, RedLock stated that “the hackers had infiltrated Tesla’s Kubernetes console which was not password protected.” In addition to the proprietary data exposure, hackers were crypto mining from within one of Tesla’s Kubernetes pods. The RedLock team noted some sophisticated evasion measures that were employed in this attack:

  • Unlike other crypto mining incidents, the hackers did not use a well known public “mining pool” in this attack. Instead, they installed mining pool software and configured the malicious script to connect to an “unlisted” or semi-public endpoint. This makes it difficult for standard IP/domain based threat intelligence feeds to detect the malicious activity.
  • The hackers also hid the true IP address of the mining pool server behind CloudFlare, a free content delivery network (CDN) service. The hackers can use a new IP address on-demand by registering for free CDN services. This makes IP address based detection of crypto mining activity even more challenging.
  • Moreover, the mining software was configured to listen on a non-standard port which makes it hard to detect the malicious activity based on port traffic.
  • Lastly, the team also observed on Tesla’s Kubernetes dashboard that CPU usage was not very high. The hackers had most likely configured the mining software to keep the usage low to evade detection.
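
Each of the four measures above defeats a detection keyed on a known IP, a known port or a CPU spike, so a defender has to look at what the traffic is and whether the workload should be sending it at all. The Python sketch below is an added example, not code from RedLock's report or from Tesla: it reviews pod egress flow records for pool protocol messages on any port and for long-lived connections to destinations the pod is not expected to reach. It assumes the pool speaks the Stratum JSON-RPC protocol in cleartext, which the report does not state; the flow fields, pod names and addresses are constructed.

```python
import json

# Stratum JSON-RPC method names exchanged between a miner and a pool.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.notify", "mining.submit"}

def stratum_methods(payload):
    """Return Stratum method names seen in newline-delimited JSON-RPC bytes."""
    found = set()
    for line in payload.split(b"\n"):
        try:
            msg = json.loads(line)
        except ValueError:
            continue  # empty line, TLS record, HTTP, binary: not JSON
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in STRATUM_METHODS:
            found.add(method)
    return found

def review_flows(flows, allowed_egress, min_seconds=3600):
    """Flag flows by content and by per-pod egress expectations, not by IP list or port."""
    findings = []
    for f in flows:
        reasons = []
        methods = stratum_methods(f["payload"])
        if methods:
            reasons.append("stratum:" + ",".join(sorted(methods)))
        unexpected = f["dst"] not in allowed_egress.get(f["pod"], set())
        if unexpected and f["seconds"] >= min_seconds:
            reasons.append("long-lived egress to unexpected destination")
        if reasons:
            findings.append((f["pod"], f["dst"], f["port"], reasons))
    return findings

# Constructed sample data: hypothetical pod names, documentation IP ranges.
ALLOWED = {"web-7c9": {"198.51.100.10"}, "batch-2f1": set()}
FLOWS = [
    {"pod": "web-7c9", "dst": "198.51.100.10", "port": 443, "seconds": 7200,
     "payload": b"\x16\x03\x01"},
    {"pod": "batch-2f1", "dst": "203.0.113.77", "port": 8443, "seconds": 86400,
     "payload": b'{"id":1,"method":"mining.subscribe","params":[]}\n'
                b'{"id":2,"method":"mining.authorize","params":["w","x"]}\n'},
    {"pod": "batch-2f1", "dst": "203.0.113.80", "port": 3000, "seconds": 50000,
     "payload": b"\x16\x03\x03"},
    {"pod": "web-7c9", "dst": "192.0.2.5", "port": 53, "seconds": 2, "payload": b""},
]

if __name__ == "__main__":
    for finding in review_flows(FLOWS, ALLOWED):
        print(finding)
```

The third flow is the case closest to the report: the payload is not readable, the port is arbitrary and nothing matches a blocklist, yet the pod has no declared reason to hold a connection to that address for hours.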

The hack was immediately reported to Tesla, and the breach was sealed “within hours of learning about it,” according to a statement Tesla emailed to Fortune.

“The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”

The CEO and co-founder of RedLock, Varun Badhwar, told Fortune that Tesla awarded the researchers $3,133.70 for reporting the hack. The reward came as part of Tesla’s bug bounty program, which financially compensates security researchers for reporting breaches and other security issues to the company (Tesla’s max payout is $10,000).

Crypto mining script running in Tesla’s Kubernetes pod