Tesla was confirmed to be the target of a ransomware conspiracy by Russian hacker Egor Igorevich Kriuchkov(Muncaster 2020). He approached a Tesla worker and teamed up to deploy malware that can help steal sensitive data, the firm was required to pay up for lost information or risk it going public.
The malware was deployed by the insider with network access, there was a separate DDoS attack made to distract Tesla’s IT Team. Kriuchkov first approached the Tesla employee via WhatsApp before meeting with them socially and offering a $1m to help with the plot.
Apparently Kriuchkov had successful schemes before and had received over $4m payout from other corporations. This reinforces the importance of ransomware victims to refuse payout, as it leads to more leverage to exploit.
Muncaster, P. 2020. Tesla Was Target of Russian Ransomware Conspiracy. Retrieved from: https://www.infosecurity-magazine.com/news/musk-tesla-target-russian/
Discussion Question:
- What type of screening does Tesla require for their employees?
- How can they better train their workers on social engineering and is there any incentive to be the “whistleblower”?
Wow, this was one of the biggest stories in cyber security this week. This reaffirms my belief that social engineering is still the oldest hack in the book. I did a bit of research on this story as I’m curious as to what happened to the employee that was contacted. Was this employee seriously considering Kriuchkov’s offer? According to the article Kriuchkov took the employee out multiple times to fancy destinations. Or, was the employee playing possum the entire time until he had enough information to give the FBI. I would like to think that the employee would never give up Tesla, and was just information gathering for the FBI until they had the information to make a proper arrest.