A security company has discovered that criminals gained access to Tesla servers and misused them to mine cryptocurrency. They also had access to data in an AWS S3 bucket, although Tesla denies that the data was sensitive.
The discovery was made by the company RedLock, which devoted a blog post to it. In it, RedLock writes that the criminals had access to a Kubernetes console that was not password-protected. The console can be used to control so-called pods, groups of containers such as Docker containers. One of these pods contained credentials for Amazon S3, with a bucket containing telemetry data, among other things. The criminals used a different pod for their crypto mining.
Tesla has responded to the findings, including in a statement to Cyberscoop. The company says it acted on RedLock's report within hours. RedLock made that report on January 30, but it is unclear how long the criminals had access. Tesla disputes that the data was sensitive and says there was no risk to customer privacy or vehicle safety because it came from internal test vehicles.
The security company states in its analysis that the mining activity was hidden in several ways. For example, the attackers did not use a public mining pool, to evade detection by IP address or domain. They also placed the address of their pool behind Cloudflare and configured their software to listen on a non-standard port. Finally, they configured the mining software so that CPU usage never became unusually high, which would have led to detection. The security firm says it has identified similar incidents at other companies, including Aviva and Gemalto.
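The evasion steps above are all aimed at the two signals most teams alert on: CPU load and connections to known pool domains. What survives them is the shape of the connection itself: a container holding a single outbound session open for hours to a port its workload has no reason to use. The added example below (not from RedLock's report) runs a CPU-threshold rule and a port/duration rule over constructed flow records, and shows the per-pod allow-list that keeps the second rule from firing on a legitimate database connection. Pod names, process names, ports and durations are all hypothetical.

```python
"""Compare a CPU-threshold detection with a long-lived-non-standard-port
detection over constructed per-pod flow records. Added example; none of the
records come from the incident."""
from dataclasses import dataclass

EXPECTED_PORTS = {53, 80, 443}   # what a typical workload talks to
LONG_LIVED_SECONDS = 30 * 60     # pool sessions stay up far longer than this


@dataclass(frozen=True)
class FlowRecord:
    pod: str
    process: str
    remote_port: int
    duration_s: int      # how long the outbound session stayed open
    avg_cpu_pct: float   # of one core, averaged over the session


def cpu_rule(records, threshold=80.0):
    """Classic miner rule: alert when sustained CPU crosses a threshold."""
    return [r.pod for r in records if r.avg_cpu_pct >= threshold]


def port_rule(records, allowlist=None):
    """Alert on long-lived outbound sessions to ports outside the common set,
    unless the pod is explicitly allowed to use that port."""
    allowlist = allowlist or {}
    hits = []
    for r in records:
        permitted = EXPECTED_PORTS | allowlist.get(r.pod, set())
        if r.remote_port not in permitted and r.duration_s >= LONG_LIVED_SECONDS:
            hits.append(r.pod)
    return hits


# Constructed records. The "worker-7f3a" row models the behaviour described
# in the article: throttled CPU, long session, non-standard port.
SAMPLE = [
    FlowRecord("telemetry-uploader", "python3", 443, 4, 12.0),
    FlowRecord("web-frontend", "nginx", 443, 2, 3.5),
    FlowRecord("api-backend", "app", 5432, 7200, 18.0),      # legitimate DB session
    FlowRecord("worker-7f3a", "sys-update", 45700, 5 * 3600, 35.0),
]
# Per-pod exceptions a team would maintain alongside the rule.
ALLOWLIST = {"api-backend": {5432}}


def compare(records, allowlist):
    """Return what each rule would have raised, for side-by-side review."""
    return {
        "cpu_rule": cpu_rule(records),
        "port_rule_untuned": port_rule(records),
        "port_rule_tuned": port_rule(records, allowlist),
    }


if __name__ == "__main__":
    for name, pods in compare(SAMPLE, ALLOWLIST).items():
        print(f"{name}: {pods or 'no alerts'}")
```

The CPU rule returns nothing for the throttled worker, which is exactly the blind spot the attackers were relying on; the untuned port rule catches it but also the database client, and the allow-list removes that false positive without touching the real hit. In production the allow-list should be derived from the workload's declared egress (NetworkPolicy or equivalent) rather than hand-maintained.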
Since last year, the number of attacks in which criminals misuse access to equipment for crypto mining, in many cases of Monero, has been increasing, because that cryptocurrency can be mined with CPU power. Security firm Imperva recently claimed that in 88 percent of the attacks it detected exploiting an RCE vulnerability, the attackers attempted to deploy crypto mining malware. Before that, it was popular to add the device to a DDoS botnet, the company claims.
The mining pod, via RedLock