Tag Archive for: GoDaddy

GoDaddy Says Recent Hack Part of Multi-Year Campaign


GoDaddy has disclosed another cybersecurity incident and the company believes the attack was part of a multi-year campaign conducted by a sophisticated threat actor.

In a statement published last week on its website, the hosting giant said a small number of customers complained in early December 2022 about their websites being intermittently redirected. An analysis showed the redirects occurring on apparently random sites hosted on GoDaddy’s cPanel shared hosting services. The redirects were difficult to reproduce.

Further analysis revealed that hackers had breached servers in the company’s cPanel shared hosting environment and installed malware that caused customer websites to intermittently redirect their visitors.

“We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy. According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities,” GoDaddy said.

In a 10-K report filed with the US Securities and Exchange Commission (SEC), the hosting company said it believes this and other attacks were part of a multi-year campaign conducted by a sophisticated threat actor that — among other things — installed malware on its systems and obtained source code associated with some of its services. 

The same SEC form includes a brief description of previously disclosed incidents that appear to be part of the same campaign. One of them came to light in May 2020, after GoDaddy discovered that the hosting login credentials of 28,000 customers — as well as the credentials of some employees — had been compromised.

GoDaddy also mentioned a November 2021 incident where a compromised password was used to access a provisioning system linked to Managed WordPress services. This hack impacted 1.2 million customers across several GoDaddy brands. 

“To date, these incidents as well as other cyber threats and attacks have not resulted in any material adverse impact to our business or operations, but such threats are constantly evolving, increasing the…


GoDaddy joins the dots and realizes it’s been under attack for three years • The Register


In brief: Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one of a series of linked incidents dating back to 2020.

The business took the unusual step of detailing the attacks in its Form 10-K – the formal annual report listed entities are required to file in the US.

The filing details a March 2020 attack that “compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts as well as the login credentials of a small number of our personnel” and a November 2021 breach of its hosted WordPress service.

The latest attack came in December 2022, when boffins detected “an unauthorized third party gained access to and installed malware on our cPanel hosting servers,” the filing states. “The malware intermittently redirected random customer websites to malicious sites.”

GoDaddy is unsure of the root cause of the incident, but believes it could be the result of “a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.”

“To date, these incidents as well as other cyber threats and attacks have not resulted in any material adverse impact to our business or operations,” the filing states – showing enormous empathy for customers whose sites were redirected in the most recent attack, or impacted by the earlier incidents.

In a brief statement on the incident, GoDaddy hypothesized that the goal of the December 2022 attacks “is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.”

– Simon Sharwood

Moscow considers legalizing hacking – but only for the glory of Mother Russia

The Russian government is working on changes to its criminal code that would legalize hacking in the Federation – provided it’s being done in the service of Russian interests, of course. 

According to Russian news service TASS, Alexander Khinshtein, head of the state Duma committee on information policy, wants exemptions from liability given to hackers, but aside from tossing the idea…


GoDaddy Hack Spreads to 6 More Web Hosts


The hack that exposed the details of 1.2 million GoDaddy customers has spread to six more web hosts. As Search Engine Journal reports, the six additional web hosts are all resellers of GoDaddy’s WordPress hosting services and include 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost.

Customers of at least two of these web hosting companies have been sent emails very similar to the one GoDaddy sent out regarding the security breach. The hack they experienced also targeted Managed WordPress accounts and managed to leak email addresses, customer numbers, WordPress Admin passwords, sFTP database usernames and passwords for active customers, and in some cases SSL private keys.

WordPress security plugin maker Wordfence confirmed the hack has spread to these web hosts and published a quote from Dan Rice, VP of Corporate Communications at GoDaddy, as to the extent of the attack:

“The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”

The intrusion began on Sept. 6, giving the attacker plenty of time to take advantage of the user data and access to accounts. It’s currently unknown how that access to the data has been used. All customers affected by the breach at the web hosts listed above need to be vigilant and extra cautious with the emails they receive.

Hopefully each company has either contacted or is in the process of contacting affected customers with the measures taken to close the security hole. If you believe your account was compromised and haven’t been contacted, be proactive and contact your web host to confirm the status/health of your account.


GoDaddy sends employees fake Christmas bonus email as security test


Might as well have offered a lump of coal.

Internet domain behemoth GoDaddy sent employees an email promising a Christmas bonus — that turned out to actually be a computer security test.

Some 500 staffers clicked on the Dec. 14 email from the Arizona-based company that offered a $650 holiday bonus and asked them to fill out a form with their personal information.

“Happy Holiday GoDaddy! 2020 has been a record year for GoDaddy, thanks to you!,” said the message, obtained by Phoenix TV-station KPNX.

“Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!” 

Two days later, employees got an email from GoDaddy’s security chief that read: “You are receiving this email because you failed our recent phishing test,” the Copper Courier newspaper reported.

Many social media users raked GoDaddy over the coals, calling the test tone-deaf amid the coronavirus pandemic that’s left millions of Americans financially reeling.

The company on Thursday said it apologized to people who felt the email was “insensitive,” adding it “takes the security of our platform extremely seriously.”

“We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized,” a spokesman said in a statement.

With Post wires
