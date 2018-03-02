Tesla and Jenkins have become the latest victims of data exfiltration and cryptojacking. In the Tesla case, the intrusion began with a Kubernetes cluster whose administrative console was exposed without password protection. An attacker with admin access to a Kubernetes cluster can enumerate every running service, exec into any pod to inspect its processes, files and service account tokens, and read the secrets the cluster manages.

The attacker not only found the credentials for Tesla's Amazon S3 buckets inside the cluster, but also started a crypto-mining script within one of the pods, taking several evasive measures to avoid detection:
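The two conditions behind the compromise, a console reachable with cluster-wide privileges and cloud credentials lying inside a pod, can both be checked from kubectl output before an attacker does it for you. The script below is an added example written for this page, not code from the original article or from Tesla or the Kubernetes project. It reads the JSON that `kubectl get clusterrolebindings -o json` and `kubectl get pod <name> -o json` print, and assumes, for illustration only, that the "administrative console" is the Kubernetes dashboard running under the `kubernetes-dashboard` service account. Every sample object at the bottom is constructed.

```python
"""Two offline checks for the conditions behind the Tesla compromise:
a powerful cluster role reachable by an exposed console or by unauthenticated
callers, and cloud credentials written in plain text into a pod spec.
Input is the JSON printed by `kubectl get clusterrolebindings -o json` and
`kubectl get pod <name> -o json`; the samples at the bottom are constructed."""
import json
import re

# What an unauthenticated request to the API server is treated as.
ANON_SUBJECTS = {("User", "system:anonymous"), ("Group", "system:unauthenticated")}
# Broader principals that should never be handed a powerful role: every caller
# holding any valid credential, and the dashboard's own service account
# (assumption for this example: the "administrative console" is the Kubernetes
# dashboard; binding its service account to cluster-admin gives full control
# to anyone who can reach the dashboard page).
BROAD_SUBJECTS = ANON_SUBJECTS | {("Group", "system:authenticated"),
                                  ("ServiceAccount", "kubernetes-dashboard")}
POWERFUL_ROLES = {"cluster-admin", "admin", "edit"}
# The bootstrap RBAC policy binds a few discovery-only roles to unauthenticated
# callers; those are expected and not reported.
BOOTSTRAP_ANON_ROLES = {"system:discovery", "system:basic-user", "system:public-info-viewer"}

# Env var names that usually hold long-lived credentials.
CREDENTIAL_NAME = re.compile(r"ACCESS_KEY|SECRET|TOKEN|PASSWORD|PASSWD", re.I)


def _items(doc):
    return doc["items"] if doc.get("kind") == "List" else [doc]


def audit_bindings(bindings_json):
    """One finding per (binding, subject) that is anonymous with a non-bootstrap
    role, or a broad subject with a powerful role."""
    findings = []
    for b in _items(json.loads(bindings_json)):
        role = b.get("roleRef", {}).get("name", "")
        for s in b.get("subjects") or []:
            key = (s.get("kind"), s.get("name"))
            anon = key in ANON_SUBJECTS and role not in BOOTSTRAP_ANON_ROLES
            broad = key in BROAD_SUBJECTS and role in POWERFUL_ROLES
            if anon or broad:
                findings.append({"binding": b["metadata"]["name"], "role": role,
                                 "subject": f"{key[0]}/{key[1]}"})
    return findings


def find_plaintext_credentials(pod_json):
    """(container, env name) pairs where a credential-looking variable is a
    literal `value`.  A literal is visible to anyone who can read the pod
    object; a `valueFrom.secretKeyRef` at least requires access to the Secret."""
    spec = json.loads(pod_json).get("spec", {})
    hits = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for env in c.get("env") or []:
            if CREDENTIAL_NAME.search(env["name"]) and "value" in env:
                hits.append((c["name"], env["name"]))
    return hits


# Constructed samples in the shape kubectl prints (values are made up).
SAMPLE_BINDINGS = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kube-system"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "anon-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "system:unauthenticated"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "system:discovery"},
     "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
     "subjects": [{"kind": "Group", "name": "system:unauthenticated"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "ops-team"}]},
]})

SAMPLE_POD = json.dumps({"kind": "Pod", "metadata": {"name": "telemetry-uploader"},
    "spec": {"containers": [{"name": "uploader", "image": "example/uploader:1.0",
        "env": [{"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLE000000000"},
                {"name": "AWS_SECRET_ACCESS_KEY", "value": "made-up-for-this-example"},
                {"name": "S3_BUCKET", "value": "telemetry-archive"},
                {"name": "DB_PASSWORD",
                 "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}]}]}})

if __name__ == "__main__":
    for f in audit_bindings(SAMPLE_BINDINGS):
        print("RBAC:", f)
    for container, name in find_plaintext_credentials(SAMPLE_POD):
        print("plaintext credential:", container, name)
```

Run against a live cluster by piping the kubectl output into the two functions. The RBAC check reports the dashboard bound to cluster-admin and the `view` role handed to unauthenticated callers, while leaving the bootstrap discovery binding alone; the pod check reports the two AWS variables set as literals but not the database password that is pulled from a Secret. Neither check stops a cluster-admin from reading Secrets, which is the point of the incident: the fix is to keep cluster-admin away from anything reachable from the internet.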

No well-known mining software was used, so signature-based anti-malware tools, which key on known miner binaries, had nothing to match.

The mining pool server was hidden behind a reputable CDN service and reached over a non-standard port. (This has become common practice for data exfiltration as well: attackers upload stolen data to public services such as Dropbox and Google Drive, which renders IP and domain blocklisting useless because the destination is a legitimate, widely used service.)

CPU usage of the mining software was throttled so that the extra load would not stand out in monitoring.
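Each of the three evasion measures defeats one kind of signature: the binary's name or hash, the destination's reputation, and a CPU-spike threshold. The detector below is an added example, not code from the original article, and it looks instead at what a miner cannot avoid doing: speaking the Stratum pool protocol to its pool and burning CPU at a steady, capped rate. The telemetry record layout (a connection's first client bytes, per-process CPU samples) and all sample records are assumptions constructed for this example rather than any product's schema.

```python
"""Behaviour-based checks for the three evasion measures above, run over
constructed telemetry.  The record layout (per-connection first bytes and
per-process CPU samples) is an assumption for this example, not a product's
schema; the point is that none of the checks depend on a known miner binary,
a blocklisted IP or a well-known port."""
import json
import statistics

# Method names of the Stratum mining protocol: the classic "mining.*" JSON-RPC
# used by Bitcoin-style pools and the login/job/submit variant used by Monero
# pools.  A miner has to speak one of these to its pool whatever it is called.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                   "mining.notify", "login", "job", "submit", "keepalived"}


def is_stratum(first_bytes):
    """True if the first line a client sent is a Stratum JSON-RPC message.
    Content only: destination address and port are the attacker's choice."""
    try:
        msg = json.loads(first_bytes.split(b"\n", 1)[0].decode("utf-8"))
    except ValueError:  # not UTF-8 or not JSON (UnicodeDecodeError is a ValueError)
        return False
    return isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS


def is_throttled_burner(cpu_pct, lo=5.0, hi=60.0, min_fraction=0.9, max_stdev=5.0):
    """Heuristic for a capped miner: CPU sits in a flat band, never idle and
    never saturating, for nearly every sample of a long window.  Real services
    are bursty or mostly idle; a steady batch job will also trip this and
    needs an allow-list."""
    if len(cpu_pct) < 30:
        return False
    in_band = sum(lo <= s <= hi for s in cpu_pct) / len(cpu_pct)
    return in_band >= min_fraction and statistics.pstdev(cpu_pct) < max_stdev


def detect(telemetry):
    """Return (check, pod, detail) tuples for every record that matches."""
    alerts = []
    for c in telemetry["connections"]:
        if is_stratum(c["first_bytes"]):
            alerts.append(("stratum-handshake", c["pod"], f'{c["dst_ip"]}:{c["dst_port"]}'))
    for p in telemetry["processes"]:
        if is_throttled_burner(p["cpu_pct"]):
            alerts.append(("throttled-cpu", p["pod"], p["comm"]))
    return alerts


# Constructed telemetry: one pod talking to a CDN edge (documentation address
# 203.0.113.10 stands in for it) on 443 normally and on 8443 with a Stratum
# login, plus sixty one-minute CPU samples per process.
SAMPLE = {
    "connections": [
        {"pod": "web-7d9f", "dst_ip": "203.0.113.10", "dst_port": 443,
         "first_bytes": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},  # TLS ClientHello
        {"pod": "web-7d9f", "dst_ip": "10.0.4.20", "dst_port": 8080,
         "first_bytes": b'{"jsonrpc":"2.0","method":"getBalance","id":1}\n'},  # internal RPC
        {"pod": "web-7d9f", "dst_ip": "203.0.113.10", "dst_port": 8443,
         "first_bytes": b'{"id":1,"jsonrpc":"2.0","method":"login","params":'
                        b'{"login":"wallet-placeholder","pass":"x","agent":"custom/0.1"}}\n'},
    ],
    "processes": [
        {"pod": "web-7d9f", "comm": "nginx",
         "cpu_pct": [55.0 if i % 7 == 0 else 2.0 for i in range(60)]},
        {"pod": "web-7d9f", "comm": "kube-healthd",  # unknown binary, innocuous name
         "cpu_pct": [24.0 + (i % 5) * 0.5 for i in range(60)]},
        {"pod": "etl-3b21", "comm": "etl-worker",
         "cpu_pct": [0.0] * 40 + [95.0] * 20},
    ],
}

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(*alert)
```

The CDN connection on 443 and the internal JSON-RPC call pass; the Stratum login on 8443 and the flat 24 to 26 percent load from the unknown binary are reported, while the bursty nginx and the all-or-nothing batch worker are not. If the pool connection is wrapped in TLS, the first-bytes check needs an egress proxy that terminates TLS; without one, fall back to the CPU heuristic combined with a long-lived outbound connection to an unexpected port.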

In the Jenkins case, attackers exploited a Jenkins vulnerability to install mining malware on Jenkins servers, earning over $3 million to date. Although most affected systems were personal computers, it is a stern warning to enterprise security teams planning to run Jenkins in containerized form: business-critical applications need continuous monitoring and security controls.

Read the entire article here: Cryptojacking and Crypto Mining – Tesla, Kubernetes, and Jenkins Exploits

