GoDaddy employees were exploited through social engineering and phishing in a wave of attacks on multiple cryptocurrency exchanges.
Staff at the domain name registrar were subjected to a social engineering scam that duped them into changing email and registration records, which were then used to conduct attacks on other organizations.
As reported by security expert Brian Krebs a few days ago, GoDaddy confirmed that the scam led to a “small number” of customer domain names being “modified” at the beginning of this month.
Starting in mid-November, attackers redirected email and web traffic intended for cryptocurrency exchanges. Liquid.com and the NiceHash cryptocurrency trading posts were impacted, and it is suspected that other exchanges may also be affected.
This gave the actor the ability to change DNS records and in turn take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.
In NiceHash’s case, the company blamed “technical issues” at GoDaddy that led to “unauthorized access” to domain settings, resulting in the DNS records for nicehash.com being changed.
This attack occurred on November 18. Withdrawals were suspended for twenty-four hours while an internal audit took place, and normal service has since resumed.
The company also recommended that users change their passwords and enable two-factor authentication (2FA) to be on the safe side.
Speaking to Krebs, NiceHash founder Matjaz Skorjanc added that the attackers attempted to force password resets on third-party services, including Slack, but NiceHash was able to block these attempts.
The spokesperson added that as threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly training employees about new tactics that may be used against them.
In May, GoDaddy reported a security breach in which an individual was able to access SSH accounts within the firm’s hosting infrastructure without permission. GoDaddy said there was no evidence of tampering that might impact customers, but security bolt-ons would be provided for a year, for free, to anyone affected.