Cloud Security Intelligence firm RedLock has brought in to light a new case of Tesla cryptojacking which is mainly targeting Tesla’s Amazon Web Service’s which is a software container according to yesterdays report. The report indicated that hackers accessed Tesla’s AWS access credentials by penetrating a non-password protected Kubernetes software container. The report goes on to indicate that the hackers used the Kubernetes container to do cryptocurrency mining for an unknown amount of time.
Last year Redlock’s CSI team had exposed a similar hack of AWS for Bitcoin for mining intentions at companies Aviva and Gemalta. The process is just similar because the companies in last years expose also did not have passwords for their admin consoles.
Tesla’s hackers were however very smart because they did not use a know mining pool. Instead, they put their own mining pool software which connected the malicious script to an endpoint. Al, this was in an attempt to reduce any detection of suspicious activities. More to that they put their CPU usage low to prevent any suspicion. More to that they hid the mining pool’s address behind free content delivery network CloudFlare.
Tesla made reports last year that they were developing innovative ways to use their technologies to mine Bitcoin in a way which the company did not intend. Towards the end of last year, Tesla’s owner indicated that he was using his electric car to mine Bitcoin using the car’s supper charger by placing the mining ring in the trunk.
The research by RedLock which was titled “Lessons from Cryptojacking Attack at Tesla,” ends with RedLock suggesting to companies to be careful with similar cryptojacking incidents in the future. The company noted that monitoring could be done by monitoring configurations, suspicious user behavior and also network traffic. Lastly, they noted that such incidences could be on the rise as hackers are learning new tactics.