Crooks find poorly secured access credentials, use them to install stealth miner. Add Tesla to the legion of organizations that have been infected by cryptocurrency-mining malware.
In a report published Tuesday, researchers at security firm RedLock said hackers accessed one of Tesla’s Amazon cloud accounts and used it to run currency-mining software. The researchers said the breach in many ways resembled compromises suffered by Gemalto, the world’s biggest SIM card maker, and multinational insurance company Aviva. In October, RedLock said Amazon and Microsoft cloud accounts for both companies were breached to run currency-mining malwareafter hackers found access credentials that weren’t properly secured.
The initial point of entry for the Tesla cloud breach, Tuesday’s report said, was an unsecured administrative console for Kubernetes, an open source package used by companies to deploy and manage large numbers of cloud-based applications and resources.
“The hackers had infiltrated Tesla’s Kubernetes console which was not password protected,” RedLock researchers wrote. “Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.”
The attackers hid the malware behind an IP address hosted by security firm Cloudflare. They also configured the mining software to use a non-standard port to reach the Internet and to connect to an unlisted or semi-public endpoint rather than well-known mining pools. The attackers also likely ratcheted down the amount of CPU resources used to mine the digital coin. The measures helped to make the illicit mining harder to detect and lower the chances of it being shut down.
Besides allowing attackers to run the mining malware, RedLock said the breach also exposed certain non-public Tesla data, including sensitive telemetry information related to Tesla cars. RedLock said it reported the breach to Tesla, and the systems were quickly disinfected.
In an email, a Tesla representative wrote: “We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”