For many hackers, mining cryptocurrency with someone else's computing power has become more attractive than, for example, data theft. By placing a hidden miner on the victim's site or server, the attacker can receive cryptocurrency in an anonymous wallet until someone detects and removes the miner.
The newest victim of hidden mining was Tesla. Because the Kubernetes application management console was not password protected, hackers penetrated the system and found company credentials for Amazon Web Services (AWS).
Confidential information was stored on the Amazon virtual servers that Tesla used, including telemetry data from electric vehicle test designs. Apparently, the attackers were not interested in the data and simply installed a Monero cloud miner.
The attackers tried to disguise the miner by configuring it to use a non-standard port and the CloudFlare CDN service. To avoid suspicion, only a small part of the total server capacity was used for mining.
RedLock specialists reported that Tesla's servers had been compromised.
In the past, similar cases have occurred with Gemalto, a manufacturer of SIM cards, and the insurance company Aviva. Also, in 2016, hackers were able to access Uber's AWS environment. It turned out that the cybercriminals stole the personal data of 50 million passengers and 7 million drivers. Uber paid the hackers off and hid the incident from its users.
Recently, hackers managed to integrate a hidden miner into thousands of government websites in the U.S. and the U.K. using a plug-in for the visually impaired. Also, Coinhive, a popular script for web mining, was distributed through YouTube advertising.