Cloud security intelligence (CSI) firm RedLock has exposed a new case of cryptojacking targeting Amazon Web Service’s (AWS) software container, the reported yesterday, Feb. 20.
Hackers accessed Tesla’s AWS access credentials by penetrating a non-password protected Kubernetes . The hackers then used the Kubernetes container to for cryptocurrencies, for an as of yet unknown amount of time.
RedLock’s CSI team of AWS for (BTC) mining purposes at companies Aviva and Gemalta in October of last year. These companies, like Tesla, did not have passwords for their admin consoles.
The Tesla hack was well disguised–the hackers didn’t use an already-known mining pool, but instead put in their own mining pool software than connected the malicious script to an “unlisted” endpoint, complicating the ability to detect any suspicious activity.
The hackers also kept their CPU usage low to prevent being spotted, and hid the mining pool’s IP address behind free content delivery network , RedLock reports.
Tesla had already made the news last year for an innovative way to use their technologies to mine bitcoin in a way completely unintended by the company. In December 2017, the owner of a Tesla S electric car reported that he had been with his car’s supercharger, placing a mining rig in the trunk.
RedLock’s blog post detailing the hack, titled, “Lessons from the Cryptojacking Attack at Tesla,” ends with suggestions to companies to prevent similar cryptojacking incidents in the future, namely monitoring configurations, network traffic, and suspicious user behavior.
And, as adds, “at least [using] a password.”
Published at Wed, 21 Feb 2018 11:02:40 +0000
bitcoin Scams
