😱Cryptoseach in Tesla, hackers use the passwordless system to mine crypto

image

The company Cloud of Intelligent Security (CSI) RedLock has revealed a new case of cryptocurrency hijacking that has focused on the Amazon Web Service (AWS) of Tesla, the software container, the RedLock blog reported yesterday, February 20.

image

The jaquers accessed the access credentials of the Tesla AWS for a Kubernetes software container without password protection. The checkers used the Kubernetes container to mine cryptocurrencies for an unknown period of time.

RedLock's CSI team exposed a similar AWS check for Bitcoin mining (BTC) at the Aviva and Gemalto companies in October last year. These companies, like Tesla, do not have passwords from their management consoles.

Tesla's check was disguised well; the jaquers did not use a well-known mining pool, but instead put their own mining pool software that connects the malicious script to an "unlisted" endpoint, complicating the ability to detect any suspicious activity.

The jaquers also kept the use of their CPUs low to avoid being discovered, and hid the IP address of the mining pool behind a free content delivery network, CloudFlare, informs RedLock.

Tesla had already given the news last year of an innovative way to make use of its technologies to mine Bitcoin in a totally involuntary way by the company. In December 2017, the owner of an electric car Tesla S reported that he had been mining Bitcoin with his car's supercharger, placing a mining platform in the trunk.

image

The RedLock blog post that gives details of the hacking, entitled "Lessons from the Cryptosecret Attack in Tesla," concludes with suggestions for companies to anticipate similar cryptosequence incidents in the future, specifically by monitoring configurations, controlling network traffic. , and the behavior of suspicious users.

And, as TechCruch adds, "at least [using] a password."

image