GoDaddy staff fall prey to social engineering scam in wave of cryptocurrency exchange attacks

GoDaddy employees have been exploited to facilitate attacks on several cryptocurrency exchanges via social engineering and phishing.

Domain name registrar staff were the subject of a social engineering scam that tricked them into modifying emails and registration records, which were used to carry out attacks against other organizations.

As security expert Brian Krebs reported last week, GoDaddy confirmed that the scam resulted in the “modification” of a “small number” of customer domain names earlier this month.

Starting in mid-November, scammers ensured that email and web traffic destined for cryptocurrency exchanges was redirected. The cryptocurrency exchanges Liquid.com and NiceHash have been affected, and it is suspected that other exchanges may have been affected as well.

According to Liquid CEO Mike Kayamori, a security incident on November 13 was caused by GoDaddy’s improper transfer of control of an account linked to the company’s major domain names.

“This gave the actor the ability to change DNS records and, in turn, take control of a number of internal email accounts,” Kayamori said in a blog post. “In due time, the malicious actor was able to partially compromise our infrastructure and gain access to document storage.”

Liquid.com contained the attack after it was discovered, and although the attacker was able to access users’ encrypted emails, names, addresses, and passwords, customer funds were accounted for.

In the case of NiceHash, the company blamed GoDaddy for “technical issues” resulting in “unauthorized access” to domain settings, resulting in modification of nicehash.com’s DNS records.

This attack took place on November 18. NiceHash responded quickly, freezing all wallet activity to prevent any loss of users' cryptocurrency. Withdrawals were put on hold for 24 hours while an internal audit took place, and normal service has since resumed.

NiceHash says it does not appear that user information has been exposed or compromised, but calls for caution if users receive any suspicious links or emails claiming to be from the cryptocurrency exchange.

The company also recommended that users change their passwords and enable two-factor authentication (2FA) for added security.

Speaking to Krebs, NiceHash founder Matjaz Skorjanc added that attackers attempted to force reset passwords on third-party services, including Slack, but NiceHash was able to fend off those attempts.

A spokesperson for GoDaddy said the domain registrar “immediately locked down the accounts involved in this incident, rolled back all account changes and helped affected customers regain access to their accounts.”

The spokesperson added that as “threat actors become more sophisticated and aggressive in their attacks, we are constantly educating employees on new tactics that could be used against them.”

In May, GoDaddy reported a security breach in which an individual was able to access SSH accounts within the company’s hosting infrastructure without authorization. GoDaddy said there was no evidence of tampering that could impact customers, but security features would be provided free of charge for one year to anyone involved.


James F. So