The world is dynamic and it is changing rapidly. This has always been true. But look at how quickly it has changed in the last ten years. — Internet of things, virtual reality, cryptocurrencies, it’s all happening! Nothing is stagnant. It does not stand still. And neither do you. Like it or not, the digital world is the real world these days and cryptocurrency is the most talked about currency which may improve the global finance toward a future with technology in currency. The easiest way to make quick money is mining cryptocurrency. This time, however, researchers at California based Cloud threat defense company RedLock have discovered that hackers have compromised Tesla’s Amazon cloud account to mine cryptocurrency. Let’s take a look what exactly happened
A group of attackers were able to break the security of Tesla’s Amazon cloud server and mine digital currency through it. Besides, it additionally enabled them to get to the organization’s exceedingly delicate information, for example, telemetry. Researchers said that hackers figured out how to get into the administration console for Tesla’s Kubernetes account since it wasn’t password protected. Kubernetes is an open-source framework composed by Google for upgrading cloud applications. As per RedLock’s researchers, the incident was found while searching for publically uncovered Amazon Web Services (AWS) servers and one of them ended up being of Tesla, open for public use without any password. Below figure is showing us the exposed credentials of Tesla’s AWS environment
According to RedLock’s researchers “The hackers had infiltrated Tesla’s Kubernetes console which was not password protected. Within one Kubernetes pod (an open-source system developed by Google and now maintained by Cloud Native Computing Foundation.), access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry,”
In short, attackers used cryptojacking technique to mine cryptocurrency. You can read my previous post to know more about cryptojacking. They also concealed the genuine IP address of the mining pool server behind CloudFlare,a free content delivery network (CDN) service and because of that they were able to use new IP address on-demand by registering for free CDN services. This makes IP address based detection of crypto mining activity even more tough. The below figure shows us the Crypto mining script running in Tesla’s Kubernetes pod.
The RedLock’s researchers immediately reported the incident to Tesla and the issue was quickly solved. Tesla sent a statement to media outlets in which it said “We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way”
How to prevent such compromises?
- Monitor configurations: Organizations should monitor risky configurations. If you notice that your CPU goes into overdrive, it may be due to cryptojacking. You should closly monitor CPU’s usage.
- Monitor Network Traffic:Organisations should closly monitor network traffic.They should monitor network traffic and compare it with configuration data.
- PEPE Coin Price to Reach $5 in the Next Seven Days?
- Elon Musk: Cryptocurrency Is Better Than Paper Money
- Cryptojacking In The Real World
- Shiba Inu Price Prediction: How High can SHIB Price reach by 2030?
- Trustwave Discovers Cryptojacking Malware On Make-A-Wish Foundation website
- How To Protect Your Cryptocurrency Against Hackers?
- Bitcoin Investor Sues AT&T
- New Zealand Crypto Exchange Cryptopia Hacked
- Beware! New Cryptocurrency-Mining Android Malware is Spreading Rapidly
- Telegram Zero-Day Vulnerability Used By Hackers To Spread Cryptocurrency Miner.
- BREAKING News: Ledger Library Compromised, Urgent Security Alert for Multiple DApps and Ledger Users
- Cryptocurrency Exchanges Leaks Analysis From Group-IB
- IBM Wins Patent For Blockchain Network Security System
- Crypto And Blockchain News Weekly: Juventus FC, SBI Ripple Asia, Cryptojacking And Much More
- Q2 2018 Sees an 85% Increase in Crypto Malware Attacks
- Malware attacks SCADA network to mine cryptocurrency
- Has Your Computer Been Cryptojacked?
- Hackers Hacked Internet’s Core Infrastructure to Steal Ethereum
- Cryptojacking Malware Grew By 629% Says McAfee
- You can STILL Buy Tesla with Dogecoin, but NOT with Bitcoin Anymore?
- Top Crypto News of the Week in 7 minutes
You might also like
More from Crypto
Let's peek into the world of GG: Solana Hunger Games – it's not just pixels and code; it's a journey …
Despite the speculative chatter of price drop, ADA stands firm in the market. Let's take a look at this Cardano …