So I was running through the news articles of the day. I keep up with a lot of different security things, and I was dumbfounded to see "Tesla cloud resources are hacked to run cryptocurrency mining malware." This is pretty crazy right here. And this is scary because, one, we think of Tesla not just as a car company, but they think of themselves as a tech company that happens to build cars. So when we saw the hack for Chrysler, which I think I've talked about before, that was a few years ago, that was a big deal, serious, because they took control of vehicles remotely. Well, you have a company who builds very technical vehicles that have automated driving options and can send updates to cars, so you hope, because they have such a tech-centric background, that they're secure, and generally speaking they are, and that's why this hack grabbed the headlines. And it's still a really big deal. But let's break down the details, and I like to cut through the news, because what the news does a lot of times is show you this, and I want to jump right to where the source of all this was. They did a good job here over at RedLock.io, and I'm going to leave a link here to this article. I'm sure you can find the Ars Technica one if you want to read that one as well. But this is really my thoughts on, you know, this is starting with the source. And what they had here was a Kubernetes system, and if you're not familiar with Kubernetes, it's for remote management of, basically, a lot of different servers, and they're specifically using Kubernetes to manage all their cloud infrastructure. This is your DevOps tool. Now, this DevOps tool was not locked down.
So it's not like they exploited a flaw in Kubernetes. They exploited a misconfiguration by a DevOps engineer to have all these credentials in here. So exposed credentials were in Tesla's there, and they broke out the access keys. And if you're not familiar with how some of this works, it's really interesting. A lot of people get worried about the cloud now. Generally speaking, overall the cloud is fairly secure. You know, you have your big cloud providers such as Azure, AWS, Google, Rackspace and a handful of others, and they, I think, do a pretty good job of securing their infrastructure, but they're providing you these server platforms, and you have to follow good security hygiene, good security procedures, to do this. Now, what's great is they have the debrief of how they saw the network traffic and how it can, you know, be understood. Now this is where I have debated with some techs. I just see endpoint protection as only a piece of it, and some people are like, oh no, it just solves it, because we look for weird traffic, and that's where the hackers keep getting better and better and better. Now, I've done Suricata, I've done Snort, I've done videos on these, and we talk about how you can use different tools to identify malicious traffic, and you're like, yeah, that'll protect me. And I don't want anyone to ever be lured into a false sense of security. Those are good tools and those are good things to take action on, but the way they hid this, and the way they did the suspicious behavior, blocked you from seeing it: they used a series of public IPs. Now, I talked before about the cassette hack where they used a Dropbox, but they uploaded it elsewhere. Well, that's how they got caught, when you upload elsewhere. Well, they registered all this data back and forth to Cloudflare, and if you're not familiar with Cloudflare, they're basically a large-scale web caching system. So it's a content delivery network, and because there's such a large content delivery network,
you always see traffic. A good amount of things are protected by Cloudflare. There's always traffic going back and forth, so it doesn't look suspicious. They also used a less common mining software, so if you're scanning the systems, the mining software itself wasn't common, so it wasn't easily found. They changed the ports on it. And they kind of have this breakdown right here of how they used, they were just using the free version of the content delivery network, to hide it. But this is where you really have to prevent them from getting in, and where we tell people, once they've been breached, unless you can really dig down, you almost need to start wiping stuff and starting over, because you really have to have good logs to figure out where they went and what they did. And if they used something uncommon, if they put something common in there and you found it, you removed it, but you had something uncommon, so they could eventually just have a dropper that runs again, let's say a script that runs every two weeks to kick it back off. That's where you really have to be scared. So so much work has to be put on the head end of things. That's really where you've got to focus a lot of security, because all this is post. This is all post-disaster: your name's in the news, your company's devastated.
I'm sure Elon's losing his mind right now, because I read his book and I know he's got quite the temper, and I'm sure someone who left credentials open does not have a job. So they're probably hiring right now, if you're interested and think you can do a better job than this person did, because this is a really big deal. That little flaw on the front end has created chaos on the back end. So one little oversight. So really, when you're setting up security, think really deep and heavy about that beginning setup of your DevOps: lock everything down, double-check it. And this is where, once you think it's done, even I do this, I've been doing this a while, and I feel as though I secured it, sure, but then I have a security friend who I say, dude, check this out. Hey, go ahead and pen test a little bit. Let's poke at it a little bit. Now, did I do things right? And I'll even let them inside to see the configurations. You know, I follow best practice, but it's good to have someone looking over your shoulder, especially when it's something very critical like this. So I just want to, you know, throw this out here and get your thoughts on that. Feel free to comment below. But this is, you know, don't lull yourself into a false sense of security, like, I can watch, because these are all postmortem, after the breaches happen. You really need to think first about making sure you've locked down your Kubernetes credentials and not accidentally uploaded things to the cloud, because that's in a public way; that happens too.
So anyways, I'm curious for feedback on this. It's an interesting discussion, and something I want everyone to think about when you're doing security is, when you're putting it in, we never give them an edge. You lock everything down, double-check it. If you have a security friend, keep them on retainer. If you have a really close friend like mine, you can buy him some beer sometimes and he'll do a once-over on your network, but please get someone good on, and it's worth paying for having these third-party security audits on your system once in a while, because you don't want to be in the news later. You want them to find it. Also, on a good note, Tesla has a bug bounty program, and apparently they paid out for the bug bounty and everything went really well with that. So hats off to RedLock for finding this and reporting it, and, you know, hey, pretty cool stuff here, check them out. They seem to be an interesting company that has some security options as well. I don't know them, I'm just pulling from the source here because they're the team that did it, so you've got to give kudos to the team that covers these things. All right. Thanks. Hopefully this was interesting. Leave your comments below, you know, what you think. Oh, like, subscribe, and if you like us and want me to make more videos, throw a little money at me if you have it. If you don't have it, just enjoy and give me a thumbs up.
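As an added example of the defender's side of what the video describes (mining traffic blending in with CDN-bound connections after the ports were changed), and not code from the video or from RedLock's write-up: a small Python check over constructed flow records that flags pods holding long-lived outbound connections to CDN addresses on ports you don't expect. The CDN prefix, the expected port set and the record format are assumptions to replace with your own.

```python
"""Added example: flag sustained outbound flows to CDN IPs on unexpected ports.
Not from the video or RedLock; ranges, ports and record format are constructed."""
import ipaddress
from collections import defaultdict

# Assumption: CDN prefixes your workloads legitimately talk to. This is a
# placeholder TEST-NET prefix, not a real Cloudflare range; load the CDN's
# published list in practice.
CDN_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
# Assumption: ports your workloads are expected to use toward the CDN.
EXPECTED_CDN_PORTS = {80, 443}


def is_cdn(ip):
    """True if the destination address falls inside a known CDN prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_RANGES)


def parse_flow(line):
    """Constructed record format: '<pod> <dst_ip> <dst_port> <bytes_out> <duration_s>'."""
    pod, dst, port, nbytes, dur = line.split()
    return {"pod": pod, "dst": dst, "port": int(port),
            "bytes": int(nbytes), "secs": float(dur)}


def find_suspicious(lines, min_secs=600):
    """Return {pod: [(dst, port, secs), ...]} for flows that look like CDN traffic
    by address but use an unexpected port and stay up longer than min_secs."""
    hits = defaultdict(list)
    for line in lines:
        f = parse_flow(line)
        if is_cdn(f["dst"]) and f["port"] not in EXPECTED_CDN_PORTS and f["secs"] >= min_secs:
            hits[f["pod"]].append((f["dst"], f["port"], f["secs"]))
    return dict(hits)


# Constructed sample flows: normal CDN-fronted web traffic, one long-lived
# connection on an odd port, and one non-CDN host this check ignores.
SAMPLE_FLOWS = [
    "web-1 203.0.113.10 443 12000 3.0",
    "web-1 203.0.113.10 80 500 1.2",
    "batch-7 203.0.113.45 14444 90000 7200.0",
    "batch-7 198.51.100.9 22 800 2.0",
]

if __name__ == "__main__":
    for pod, flows in find_suspicious(SAMPLE_FLOWS).items():
        print(pod, flows)
```

Pair this with the "head end" advice in the video: the check only helps if flow logs from the cluster are being kept in the first place.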