[BreachExchange] Hackers tricked GoDaddy into helping attacks on cryptocurrency services

Destry Winant destry at riskbasedsecurity.com
Tue Nov 24 10:31:17 EST 2020


https://www.engadget.com/godaddy-tricked-into-helping-cryptocurrency-attack-220911454.html

GoDaddy’s 2020 security woes aren’t over. KrebsOnSecurity has found
that hackers tricked GoDaddy employees into handing ownership or
control of multiple cryptocurrency services’ web domains,
inadvertently aiding attacks that brought sites down. It’s not certain
how many companies fell victim to the effort, but Liquid.com and
NiceHash reported problems within days of each other. Bibox, Celsius
and Wirex might also have been among the targets, although they
haven’t confirmed anything as of this writing.

It’s uncertain just how the hackers succeeded, but a successful March
campaign against sites like Escrow.com likely relied on “vishing,” or
voice calls that point targets toward phishing sites meant to harvest
account sign-ins. Attackers frequently try to convince staff they’re
from a company’s IT department and just want to resolve technical
issues.

A GoDaddy spokesperson confirmed that a “limited number” of staff had
fallen victim to “social engineering” attacks that let the intruders
make unauthorized changes to domains and accounts. It responded by
reverting changes, locking down accounts and helping victims regain
access.

This comes roughly a year after a data breach affecting 28,000 hosting
accounts and doesn’t help with GoDaddy’s image. It may have been
difficult for the company to void vishing, mind you. GoDaddy has
joined many other companies in having staff work remotely during the
COVID-19 pandemic. That could make it harder to verify the legitimacy
of a caller or website. As such, this might be a problem for many
companies, even once it’s safe to return to offices.


More information about the BreachExchange mailing list