Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
The Internet Security The Almighty Buck

Email and Web Traffic Redirected for Multiple Cryptocurrency Sites After GoDaddy Attack (krebsonsecurity.com) 10

"Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week," reports security researcher Brian Krebs: The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, KrebsOnSecurity has learned...

This latest campaign appears to have begun on or around Nov. 13, with an attack on cryptocurrency trading platform liquid.com. "A domain hosting provider 'GoDaddy' that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor," Liquid CEO Kayamori said in a blog post. "This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage."

In the early morning hours of Nov. 18 Central European Time (CET), cyptocurrency mining service NiceHash disclosed that some of the settings for its domain registration records at GoDaddy were changed without authorization, briefly redirecting email and web traffic for the site. NiceHash froze all customer funds for roughly 24 hours until it was able to verify that its domain settings had been changed back to their original settings. "At this moment in time, it looks like no emails, passwords, or any personal data were accessed, but we do suggest resetting your password and activate 2FA security," the company wrote in a blog post. NiceHash founder Matjaz Skorjanc said the unauthorized changes were made from an Internet address at GoDaddy, and that the attackers tried to use their access to its incoming NiceHash emails to perform password resets on various third-party services, including Slack and Github. But he said GoDaddy was impossible to reach at the time because it was undergoing a widespread system outage in which phone and email systems were unresponsive. "We detected this almost immediately [and] started to mitigate [the] attack," Skorjanc said in an email to this author. "Luckily, we fought them off well and they did not gain access to any important service. Nothing was stolen...."

[S]everal other cryptocurrency platforms also may have been targeted by the same group, including Bibox.com, Celcius.network, and Wirex.app. None of these companies responded to requests for comment.

In response to questions from KrebsOnSecurity, GoDaddy acknowledged that "a small number" of customer domain names had been modified after a "limited" number of GoDaddy employees fell for a social engineering scam.

This discussion has been archived. No new comments can be posted.

Email and Web Traffic Redirected for Multiple Cryptocurrency Sites After GoDaddy Attack

Comments Filter:
  • by RitchCraft ( 6454710 ) on Saturday November 21, 2020 @04:42PM (#60751988)
    You would think the training of employees at a registrar this size would mitigate such simple attacks.
    • by 93 Escort Wagon ( 326346 ) on Saturday November 21, 2020 @05:31PM (#60752118)

      GoDaddy is the biggest because it is dirt cheap. If "being the cheapest" is the core of your business model, it doesn't exactly lead you to hire quality people.

    • You would think the training of employees at a registrar this size would mitigate such simple attacks.

      But only a "limited" number. In other words, infinite numbers of GoDaddy employees did not fall for it.

    • Unsurprising. A friend had a site at godaddy. She was very bad with computers, well tech in general. She lost her password, had no idea the CC associated with the account, could not correctly answer any question they posed to her. End result, they gave her a new password and access. I made a mental note, never ever use godaddy.
    • This is corporate speak for "Not everyone was affected, but it was definitely a lot more than we want you to believe."

      Although in this specific case, it was sort of spear-phishing grade, targeted attacks. The number of their affected customers may have been quite small, but the number of affected end users is likely quite large.

      And as for social engineering and training... when you're paying rock bottom for your registrar, everything about them is going to be low quality, including their training of their

  • by Ecuador ( 740021 ) on Saturday November 21, 2020 @05:21PM (#60752086) Homepage

    GoDaddy has a horrible track record, they are quite notorious for screwing customers and I would think they are only used by people with no knowledge looking for a cheap registrar. Why on earth would they be trusted for anything serious. Of course, these "cryptocurrency sites" might also be anything but serious, which I guess would explain it...

  • We should always choose the company that offers the best commercials, and that is by far GoDaddy.

  • I saw this when coinbase had disruptions. They handled it really well. So, crypto companies have money and godaddy's terms of service are about as good as toilet paper at this level of incompetence so they're going to get obliterated in court.

Marvelous! The super-user's going to boot me! What a finely tuned response to the situation!

Working...