Cryptomining attacks hijack Tesla’s AWS servers

Believing you are immune from cryptomining attacks is a fallacy.

The type of cyber attack that organisations suffer is currently undergoing a large shift, from ransomware to cryptomining.

Cryptomining attacks result in untold profits for cybercriminals and can run for very long periods of time undetected. Lawful cryptomining itself can be a profitable business, but those profits ramp up when you are not paying for the hardware or facing the electricity bills that result.

Researchers at RedLock have released their February 2018 Cloud Security Trends report, stating “The soaring value of cryptocurrencies is prompting hackers to shift their focus from stealing data to stealing compute power in an organization’s public cloud environment. The nefarious network activity is going completely unnoticed due to a lack of effective network monitoring.”

It has been recently revealed that Tesla has fallen victim to cyber criminals generating cash through cryptomining attacks. The researchers said they discovered the intrusion while trying to determine which organization left credentials for an Amazon Web Services (AWS) account open to the public Internet. “Essentially, hackers were running crypto mining scripts on Tesla’s unsecured Kubernetes instances,” said researchers. “To conceal their identity, the scripts were connecting to servers that reside behind CloudFlare, a content delivery network.” Threat actors kept the CPU usage low to avoid suspicion and hid the true IP address of the cryptomining pool. This made it difficult for domain and IP-based threat detection systems to identify the activity.
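When CPU usage is kept low and the pool sits behind a CDN, detection has to rest on connection behaviour rather than load or address reputation. The sketch below is an added example, not code from RedLock or Tesla: it flags workloads that hold a near-permanent outbound connection on a port they have no declared reason to use. The flow records, workload names, egress policy and thresholds are all constructed assumptions, and it assumes a mining connection is long-lived and that flows to the same destination do not overlap.

```python
from collections import defaultdict

# Constructed flow records (not data from the incident), using documentation
# IP ranges: (workload, dest_ip, dest_port, start_s, duration_s)
FLOWS = [
    ("web-frontend", "198.51.100.10", 443, 0, 2),
    ("web-frontend", "198.51.100.10", 443, 600, 3),
    ("batch-report", "203.0.113.7", 443, 1200, 40),
    # Destination is a CDN edge address, so reputation lookups see nothing odd.
    ("ci-runner", "203.0.113.50", 8443, 0, 3500),
    ("ci-runner", "203.0.113.50", 8443, 3510, 3600),
]

# Assumed policy: the egress ports each workload is expected to use.
EXPECTED_EGRESS = {"web-frontend": {443}, "batch-report": {443}}

WINDOW_S = 7200              # observation window covered by the records
PERSISTENCE_THRESHOLD = 0.8  # share of the window spent connected


def find_suspicious_egress(flows, expected, window_s, threshold):
    """Flag workloads holding a near-permanent connection they have no
    declared reason to make. Neither CPU load nor IP reputation is used."""
    connected = defaultdict(int)
    for workload, dest_ip, port, start, duration in flows:
        end = min(start + duration, window_s)  # clip to the window
        connected[(workload, dest_ip, port)] += max(0, end - start)

    findings = []
    for (workload, dest_ip, port), seconds in sorted(connected.items()):
        persistence = min(1.0, seconds / window_s)
        unexpected = port not in expected.get(workload, set())
        if unexpected and persistence >= threshold:
            findings.append({
                "workload": workload,
                "dest": (dest_ip, port),
                "persistence": persistence,
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_egress(FLOWS, EXPECTED_EGRESS,
                                    WINDOW_S, PERSISTENCE_THRESHOLD):
        print(f"{f['workload']} -> {f['dest']} "
              f"connected {f['persistence']:.0%} of window")
```

In practice the records would come from whatever flow logging the environment already produces, and the expected-egress policy from the workloads' own network policy definitions.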

So, who is at fault for this breach? Some say Tesla should have better awareness of threat actors and more procedures in place to deal with them, but the reality is that Tesla and Amazon should share the responsibility. Amazon could also do more, as these attacks are becoming more frequent and security has not been improved in this area. There are still many organisations that have unsecured or inadequately configured servers, suggesting it is only a matter of time before more of these attacks succeed. For many, the best solution is advanced threat detection software that operates in real time and can detect zero-day attacks.

Cybersecurity Measures

If Amazon were to implement further security measures, this would still not absolve customers of their responsibility to keep on top of regular monitoring, service scans or change management within their infrastructure. If credentials are used to access AWS services, it is very challenging to determine whether their use is legitimate, meaning customers have a heavy responsibility to keep their data secure.

What does this mean to you?

Well, at a basic level, every organisation needs to ensure that regular scanning and reporting are discussed in weekly meetings between stakeholders, and that processes are up to date and correctly implemented.

The risk is real and the results can be incredibly damaging to most organisations, but with correct cybersecurity, information policies and best practices taught through cybersecurity awareness training, this risk can be minimized.
