Details emerged this week of a failed multi-million dollar ransomware attack against Tesla which attempted to bribe an employee to hand deliver the malware.
According to the legal case files, a Russian named Egor Igorevich Kriuchkov travelled to Nevada in order to contact and then recruit a Tesla employee and offered him $1million in order to deliver the malware into Tesla’s Gigafactory’s network. The employee reported the contact to Tesla who then involved the FBI. The FBI then conducted a sting operation to obtain details of the planned attack and evidence to prosecute Kriuchkov.
Interesting revelations from the recorded conversations include:
- The malware would take 6-8 hours to propagate across the Tesla network and so the attack would be disguised by a separate DDOS attack which would appear to fail – the aim being to distract the Tesla security operations team from the real danger of the ransomware in the network.
- The cyber-gang behind the attack claimed to have been bribing staff to help them install malware into their targets for the last three and half-years and in most cases the employee who aided the criminals still worked at the same company.
This case provides a salutary reminder of the need to account for the human element when designing security policy and procedures. In Tesla’s case, the criminals believed that a single USB drive connected to the right computer would be able to introduce malware that could infect the entire network. Exterior perimeter security is not enough, strong internal defences are also needed to both segment the network to prevent horizontal movement of malware and to detect active attacks within the network itself.
An Internal Network Penetration Test will identify those areas of weakness in your network design and defences. Internal Penetration Tests take place behind the firewall, with the tester playing the role of a malicious employee or attacker who has co-opted an employee or device within the network to provide a beachhead to launch the attack.