The latest tech firm to become a victim of a social engineering attack is GoDaddy, a prominent domain name and web hosting service. According to a report by KrebsOnSecurity, there were security breaches reported by a number of crypto companies that were hosted on GoDaddy’s platform. The series of attack began on November 13th with Liquid, a crypto trading platform. Mike Kayamori the chief executive at Liquid, accused GoDaddy in a separate blog post, of transferring access to domain accounts to a malicious actor. The DNS records were changed by the hackers and they took control of the domain account.
This enabled them to get access to the Liquid’s document storage and infrastructure quite easily. Other than Liquid, NiceHash, a crypto-mining service also became a victim of the social engineering attack on GoDaddy. The attack occurred only a couple of days after Liquid’s account had been compromised. It was revealed by NiceHash that hackers had edited its domain registration records on the web host without its permission. Customer funds were immediately frozen by the mining service for 24 hours in order to rectify the problem and prevent any unauthorized transactions. It remains unclear as to how much Liquid lost due to the attack, but NiceHash confirmed that their funds remained intact.
However, the fact that such an attack took place is something to be concerned about. It was noted by KrebsOnSecurity that this is not the first time for GoDaddy to deal with security problems. The news source reported in May that a security breach had occurred on the hosting platform, which had compromised the data of 28,000 employees. The problem had occurred due to another security breach that had happened back in October, 2019. However, GoDaddy hadn’t known about it until April, 2020. The hosting platform made a file with the Attorney General’s Office in California, where it noted that the breach had been restricted to hosting accounts.
Customer accounts and personal information had not been compromised, but GoDaddy had still opted to reset passwords and usernames for its clients. However, unlike this attack, it remains unclear as to how the hackers were able to compromise the firm’s security systems. No additional details were provided by GoDaddy, which left experts guessing. It was noted by KrebsOnSecurity that it seems to be a brute force attack on the security infrastructure of the company. The hosting platform said that it was grateful for the business from its clients and was regretful of what had happened.
They offered free Website Security Deluxe and Express Malware Removal services to everyone for a year, which will run scans on the hosted websites for identifying any potential security vulnerabilities. The major difference between this incident and the previous one is how the hackers gained access. It is usually easy to identify brute force attacks, but social engineering ones tend to be a bit more subtle. A similar case had occurred with Twitter, the social media network, in July, as accounts of several prominent individuals had been compromised.