Hacker News

Earlier this year, Tesla suffered a complex cryptocurrency mining malware infection caused by a misconfiguration in the Kubernetes console. The attackers exploited the fact that the particular Kubernetes console wasn’t password protected, allowing them to access one of the pods that included access credentials for Tesla’s larger AWS environment.

Given the amount of driving data that Tesla has, and the apparent scope of the breach, I’m surprised the attackers only mined some crypto. Wonder if that’s because the data is well segregated, or if mining crypto is just more profitable than extracting and leaking data?



Once I was hired to clean up after a site breach.

From logs I could watch the attackers spend an hour learning how to exploit some vulnerable PHP code, then learning how the customer's admin area worked. Then they changed the HTML on some rarely seen pages to include Google ads pointing to an account controlled by the attacker. And that was it - no trace of any other monetization or destruction.

The site in question was selling $1,000 a pop training courses via authorize.net. Given the access the attackers had, they could have run off with so many credit card numbers.

In a perfect free market for crime, this would never happen. A break-in criminal would sell access to the organization that could extract the most “value” from the target. But as it is, many exploiters do not have the connections to do this, and so usually follow the same “monetization” pattern on target after target.


> In a perfect free market for crime, this would never happen. A break-in criminal would sell access to the organization that could extract the most “value” from the target.

I don't know what you mean by "a perfect free market for crime", but penalties are presumably stiffer for cc theft vs selling ads; also more resources will be dedicated to finding the thief in the more severe case. So selling ads might be the right blend for more "conservative" hackers.


Mining crypto is seen as untraceable and therefore "safe". Plus the mining code scales very well, in that it can be run on a great many different hosts at once.

On the surface at least, the crime is seen as extremely low risk with the potential for a massive reward should one get lucky.


Most likely just bots trying public endpoints.


Mining crypto is naughty, but not a serious crime. Someone maybe just didn't want police to be after them.


They might not have thought of a way to monetize the data. Or they did and Tesla was none the wiser.


Given this https://www.reddit.com/r/EnoughMuskSpam/comments/99sbwa/form... I'm not confident about how much they care about the security or quality of their software systems.



