Electric car manufacturer Tesla recently fell prey to an illicit undertaking called “cryptojacking.”
This is according to a recently released report by cyber security company, Redlock.
Redlock’s research CSI team uncovered that the hackers gained access to Tesla’s Kubernetes console – a system for containerized apps that was originally designed by Google – which unfortunately, was not password protected.
Within one pod, access credentials were left wide-open to Tesla’s AWS (Amazon Web Services) environment which held an Amazon S3 (Simple Storage Service) bucket that contained sensitive data such as telemetry.
Aside from the data exposure, the hackers were mining for cryptocurrency from within one of Tesla’s Kubernetes pods.
The CSI team took note of some advanced evasion measures that were used in the attack. Unlike other crypto mining instances, the hackers did not use a commonly used public mining pool in this attack.
Instead, they placed mining pool software and set up the malicious script to link to an unlisted or semi-public endpoint. This makes it double challenging for standard IP/domain-based threat intelligence feeds to discover the malicious activity, they said.
According to the research, the Tesla hackers also concealed the true IP address of the mining pool server behind Cloudflare, a free content delivery network (CDN) service. The hackers can utilize a new IP address on-demand by logging in for free CDN services. This makes IP address-based recognition of crypto mining activity even harder.
In fact, the mining software was configured to listen on a non-standard port, which makes it difficult to detect the activity based on port traffic. Moreover, the CSI team also noticed on Tesla’s Kubernetes dashboard that CPU usage was not very high. The hackers had most likely constructed the mining software to keep the usage low to evade detection, the research team explained.
Fortunately, the firm had nothing to worry about with regards to the computing resources being diverted to crypto mining anymore. The RedLock CSI team have immediately reported the incident to Tesla and the issue was quickly remedied.
