GoDaddy at https://www.godaddy.com is a leading web hosting company with 21 million users worldwide and many small businesses. It has been reported that a cyber group has gained access to its servers and installed malware. Part of the stolen data included employees’ and customers’ login credentials, and the flaw allowed attackers to install malware, which would redirect customers’ websites to malicious domains. According to reports, unidentified hackers stole the company’s source code.
A GoDaddy spokesman said the attack was executed by a 'sophisticated group' targeting various hosting services to infect websites and servers with malware. US law enforcement agencies have also confirmed that a security breach occurred, performed by an organized hacking group. “In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected,” the company wrote in a blog. Upon receiving these complaints, we investigated and found that the intermittent redirects were happening on seemingly random websites hosted on our cPanel shared hosting servers and were not easily reproducible by GoDaddy, even on the same website.”
In a filing with the US Securities and Exchange Commission (SEC), GoDaddy revealed that since 2020 it has suffered three serious security breaches. The most recent attack resulted in a short outage in which customer websites were redirected. “Once we confirmed the intrusion, we remediated the situation and implemented security measures to prevent future infections,” GoDaddy said in a statement.
Coincident with the attack, GoDaddy says it received various customer complaints regarding their websites being intermittently redirected. This led the web hosting company to identify the intrusion and implement security measures to prevent future issues.
The hackers used known compromised credentials to access the system. Hosting companies have a particularly high profile and make an attractive target for attackers, offering an aggregation effect as they host a lot of web infrastructure; consequently, hacking one target offers the potential to extort many customers.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
• Reporting: https://www. redskyalliance. org/
• Website: https://www. wapacklabs. com/
• LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
Comments