KrebsOnSecurity is reporting that yet another social engineering attack targeting GoDaddy employees has resulted in a security breach.
GoDaddy indicates yet another social engineering scam has targeted a “limited” number of employees and was behind multiple outages on or around November 13th, when multiple cryptocurrency platforms and services went offline due to “DNS” issues.
GoDaddy had a similar security incident back in October 2019, in which 28,000 of its customers' web hosting accounts were compromised.
The attack relies on tricking employees into transferring ownership and/or control over targeted domains to the hackers. These days it's easier to trick humans into giving you access through phishing attacks, in this case a series of socially engineered voice phishing attacks. Since COVID and the shift to working from home at many organizations, these types of attacks are becoming more common and better each time.
Below is a short list of responses from a few of the crypto platforms involved in the incident. Some straight up blamed GoDaddy for the issues, and others gave out scripted “DNS” issue statements.
Cryptocurrency trading platform Liquid.com released a blog post summarizing the data breach and incident that followed the GoDaddy attack.
On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage. ~ Liquid CEO, Mike Kayamori
NiceHash, one of the largest platforms for buying and selling hash power, released a blog post summarizing the NiceHash.com outage and response.
In the early morning (UTC) hours of November 18, 2020, the NiceHash domain was not reachable. The domain registrar GoDaddy had technical issues and as a result of unauthorized access to the domain settings, the DNS records for the NiceHash.com domain were changed.
The Celsius app went down for nearly an entire day; they took to Twitter to keep the Celsians up to date.
As with any outage, customers took to social media and voiced their concerns about their funds. Ever since Cred filed for bankruptcy, investors have been wary of CeFi platforms.
Once systems came back online and updates were sent out, Celsius was generous enough to give its clients a special promo code, DNS, to redeem $25 in crypto after depositing $200. The promo has since ended.
This is pretty generous considering the issue seemed out of their hands, and GoDaddy needed to be replaced as the domain host, as they’ve proved once again that they can’t be relied on to secure these platforms.