Tesla left its cloud servers open to cryptomining hackers

By on
Tesla left its cloud servers open to cryptomining hackers
Source: RedLock

Kubernetes admin console exposed.

Electric vehicle maker Tesla has had its cloud server instances compromised by attackers mining virtual currency.

Cloud security vendor RedLock discovered that Tesla had left its Kubernetes administration console accessible to anyone online without any password protection. Kubernetes is a cloud management tool that allows users to quickly spin up and delete server instances.

RedLock also discovered that Tesla had stored its Amazon Web Services login credentials in a Kubernetes pod.

Hackers used these credentials to access Tesla's Simple Storage Service (S3) bucket, which contained sensitive data such as vehicle telemetry, RedLock said.

The malware used was the WannaMine script, which is designed to mine the Monero virtual currency. It uses the Mimikatz tool to extract login credentials from computer memory to infect other systems on the same network.

RedLock noted that the attackers had taken care to hide their activity by configuring WannaMine so it would not use large amounts of processing power.

They also put the IP address used by their unlisted mining pool server behind the CloudFlare reverse proxy, and communicated with it via a non-standard network port to further evade detection.

Tesla was notified by RedLock of the issues and has taken measures to rectifiy the breach, the security firm said.

It said it had also found UK-based insurer Aviva and SIM card and security device vendor Gemalto had similarly left their Kubernetes consoles unprotected and accessible via the internet.

While neither company appears to have been breached, RedLock warned that the Aviva and Gemalto Kubernetes consoles were just two of several hundreds open to abuse through lack of password protection.

Attacks featuring malware that mines for virtual currency are becomingly increasingly popular.

Earlier this month, a researcher found more than 4000 websites, including Australian government sites, were running a compromised third-party accessibility script that had executed the Coinhive crypto currency malware.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cloud cryptocurrency kubernetes redlock security tesla

Sponsored Whitepapers

Develop a resiliency strategy that integrates risk analysis & continuity management
Develop a resiliency strategy that integrates risk analysis & continuity management
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
Optimise your operations with APM and AI-Powered insights
Optimise your operations with APM and AI-Powered insights
Forrester Study: Understand the total economic impact of using IBM Cloud Pak™ for Data
Forrester Study: Understand the total economic impact of using IBM Cloud Pak™ for Data
Technology skill development: The strategy for building better teams
Technology skill development: The strategy for building better teams

Events

Most Read Articles

Aussie Broadband makes late push for NBN high-speed upgraders

Aussie Broadband makes late push for NBN high-speed upgraders
Australian Covid-19 vaccine certificates come to digital wallets

Australian Covid-19 vaccine certificates come to digital wallets
Any Android security app is better than Google Play Protect

Any Android security app is better than Google Play Protect
Services Australia shifts most Centrelink payments to SAP S/4 HANA

Services Australia shifts most Centrelink payments to SAP S/4 HANA

Log In

Email:
Password:
  |  Forgot your password?