GoDaddy, the world’s biggest domain name registrar, admitted that a number of its customers’ domain names, including several prominent cryptocurrency firms, had been modified after some of its employees fell for a social engineering scam. The US publicly traded internet domain registrar and web hosting company is the latest victim to suffer security attacks caused by scams targeting employees.
The cyber attackers used a phishing campaign involving email usage tricked GoDaddy employees to click a malicious link/file and consequently revealed ownership and or control over targeted domains to fraudsters.
The latest phishing campaign started on November 13 with an attack on the Liquid.com cryptocurrency trading platform.
Liquid CEO Mike Kayamori said:
“A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”
On November 18, NiceHash cryptocurrency mining services also discovered that some of the settings for its domain registration records at GoDaddy were changed without authorization, shortly redirecting email and web traffic for the site. NiceHarsh, therefore, froze all customers’ funds for about 24 hours until it was able to verify that its domain settings had been back to their original settings.
Matjaz Skorjanc, NiceHarsh founder said that attackers made unauthorized changes from an internet address at GoDaddy and attempted to use their access to its incoming NiceHarsh mails to perform password resets on multiple third-party services including GitHub and Slack.
Skorjanc said:
“We detected this almost immediately [and] started to mitigate [the] attack. Luckily, we fought them off well and they did not gain access to any important service. Nothing was stolen.”
Many other cryptocurrency platforms also might have been targeted by the same group including Wirex.app, Celsius.network, and Bibox.com. However, these firms have not responded to the request for comment.
Dan Race, GoDaddy spokesperson, said:
“Separately, and unrelated to the outage, a routine audit of account activity identified potential unauthorized changes to a small number of customer domains and/or account information [...]Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees.”
Race mentioned that they immediately locked down the accounts affected in such incident, reverted changes that occurred in those accounts, and helped the affected customers to regain access to their accounts. Race further stated that as malicious actors become increasingly aggressive and sophisticated in their attacks, GoDaddy is constantly educating its employees about new tactics which may be utilized against them and adopting new security measures to prevent future attacks.
Cryptocurrency Scams Becoming Rampant
In late October this year, US President Donald Trump’s 2020 Presidential Campaign website was compromised in an attempt by cyber hackers to gain crypto funds. Cryptocurrency scams are nowadays a popular way that bad actors use to trick people into revealing sensitive data and sending money.
Such scams pop up in several ways like appearing as emails trying to solicit business and investment opportunities or online chain referral schemes. Scammers use such attractive opportunities to entice people including employees, investors, and consumers. Since it is difficult to distinguish scams from legitimate services, it is advisable for people to be cautious, know how to identify potential scams, and avoid falling into victims.
Image source: Shutterstock