Tesla's cloud account hacked to mine cryptocurrency

The company says no customer data was compromised There was a time when ransomware was the weapon of choice for hackers. Now, it seems tha...

The company says no customer data was compromised

There was a time when ransomware was the weapon of choice for hackers. Now, it seems that cryptohacking has become the preferred method of making money. Following a recent number of mining hacks, Tesla has become the latest firm to fall victim to malicious cryptominers.

Unlike last week’s incident in which thousands of web pages were found to contain cryptomining malware, it was Tesla’s cloud environment that was exploited in this instance.

Cloud security firm RedLock reports that Elon Musk’s company was infiltrated though its Kubernetes console—an open-source package used to deploy and manage application containers, virtualized software, and some cloud-based services. The console was not password protected, allowing hackers to access Tesla’s login credentials for Amazon Web Services via a Kubernetes pod.

"Within one Kubernetes pod, access credentials were exposed to Tesla's AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry," explained RedLock's researchers.

RedLock’s Cloud Security Intelligence (CSI) team discovered the cryptocurrency mining scripts operating on Tesla Kubernetes instances, which let the hackers use Tesla AWS resources to mine cryptos.

RedLock CTO Gaurav Kumar told Gizmodo the attackers leveraged the Stratum mining protocol. They avoided detection by configuring the software to connect to an ‘unlisted’ destination, rather than a well-known public mining pool, and kept CPU usage low. They also hid the true address of the mining pool server behind an IP address hosted by content delivery network Cloudflare, and the mining software was configured to listen on a non-standard port, making it harder to detect malicious activity based on port traffic.

The RedLock team reported its findings to Tesla immediately, and the issues were fixed “quickly.” The EV firm says no important data was compromised.

We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.


English News techspot.com
Techno - Gampong IT - Reference Information Technology: Tesla's cloud account hacked to mine cryptocurrency
Tesla's cloud account hacked to mine cryptocurrency
Techno - Gampong IT - Reference Information Technology
Tidak ditemukan artikel apapun LIHAT SEMUA Selengkapnya Balas Batal Balas Hapus Oleh Beranda HALAMAN ARTIKEL Lihat Semua REKOMENDASI LABEL ARSIP SEARCH SEMUA ARTIKEL Tidak ditemukan posting yang sesuai dengan permintaan Anda Halaman Utama Minggu Senin Selesa Rabu Kamis Jumat Sabtu Min Sen Sel Rab Kam Jum Sab Januari Februari Maret April Mei Juni Juli Agustus September Oktober November Desember Jan Feb Mar Apr Mei Jun Jul Agu Sep Okt Nov Des baru saja 1 menit lalu $$1$$ minutes ago 1 jam lalu $$1$$ hours ago Kemarin $$1$$ days ago $$1$$ weeks ago lebih dari 5 minggu yang lalu Pengikut Ikuti KONTEN PREMIUM Silakan share untuk membuka Salin Semua Code Pilih Semua Code Semua kode disalin ke clipboard Anda Tidak dapat menyalin kode/teks, silakan tekan [CTRL] + [C] (atau CMD + C dengan Mac) untuk menyalin