FutureStarr

GoDaddy Joins the Dots and Realizes It's Been Under Attack For Three Year

GoDaddy Joins the Dots and Realizes It's Been Under Attack For Three Year

blog_img

GoDaddy, a leading web hosting and domain name services provider, has acknowledged being under attack for three years. This breach allowed hackers to gain access to GoDaddy's source code, allowing malicious software to be installed on its servers.

The security incident at GoDaddy poses a grave concern for any company using their services. Anyone thinking of using GoDaddy for hosting or domain name needs should take note of this serious security breach.

What happened?

GoDaddy's security breach has been anticipated for some time, yet still comes as a shock. For three years, attackers have been pilfering source code and installing malicious malware on customers' websites - this marks their third breach in three years, and this is the first time it's affected all of its customers' domain names simultaneously.

GoDaddy has implemented a security plan that includes installing an anti-malware system on all of its servers and engaging cybersecurity forensic experts to investigate the breach. According to GoDaddy, hackers may have gained access to its cPanel servers and this was ultimately responsible for the security breach.

M.dot is a mobile-first website-building platform designed for "the large group of people out there who don't feel confident using computers, but do own smartphones," according to Dominik Balogh, who co-founded M.dot with Pavel Serbajlo in June 2012. Established in June 2012, the company has raised funding from Floodgate, SV Angel and Archimedes Labs; it will operate out of GoDaddy's new Silicon Valley office and play an integral role in their engineering and product design initiatives.

Why did it take so long?

GoDaddy took three years to realize they were being attacked, but once the dust settled they had no choice but to hire a team of hackers and rebuild their networks. While phishing may not be the most expensive or complex scam ever devised, it's an issue for businesses relying heavily on information technology for operations. Organizations should not only guard against sophisticated cyberattacks but also consider safeguarding their most precious possessions: their people.

What can we do about it?

In 2021, GoDaddy was breached by a hacker who gained access to their network and exposed up to 1.2 million Managed WordPress user email addresses and customer numbers. Furthermore, passwords for these accounts as well as original WordPress Admin passwords set at account creation were exposed.

After the hack, GoDaddy blocked the malicious third party and began alerting affected users. This was done in collaboration with law enforcement and their forensics team which work to safeguard their systems from future attacks.

The security firm asserted they had evidence of an "organized and sophisticated" group carrying out the attack. Their theory is that their intention was to infect websites with malware in order to facilitate phishing campaigns, malware distribution and other malicious activities.

It's essential to note that GoDaddy hasn't been targeted by hackers before, though this appears to be one of their most extensive attacks. According to their 10-K Form submitted to the Securities and Exchange Commission in 2022, they have been the victim of attacks intended to steal customer data.

GoDaddy's best efforts failed to stop hackers from invading their systems for three years and wreaking havoc on customers. Not only were the website data and customer records compromised, but hackers also gained access to some sensitive domain name registration records.

To protect against such attacks, it's essential to keep your software and web browsers up-to-date and use only high-end security plugins like MalCare which can detect even difficult-to-remove malware. Furthermore, make sure your Multi Factor Authentication is enabled.

By doing this, you can prevent a stolen credential attack that could grant access to your account and other sensitive information without your knowledge. Furthermore, regularly monitoring your account for unusual activity will help safeguard it against further compromise.

Finally, be a responsible steward of your site. Don't leave login credentials or security credentials lying around; keep them private and don't share them with anyone. Moreover, use strong passwords for added protection.

What’s next?

Most of us are familiar with GoDaddy, which boasts 19 million customers and manages 77 million domains and millions of web hosting accounts. But that doesn't mean the company hasn't been under attack at some point.

On Tuesday, the world's largest domain registrar revealed a data breach had affected an unknown number of web hosting account credentials. Affected users have been notified via email that their logins have been compromised.

The hacker is believed to have exploited a previously disclosed vulnerability on GoDaddy's servers, according to a statement posted on their website. This flaw allowed them to take control of an arbitrary number of cPanel shared hosting accounts.

GoDaddy recently identified and resolved the source of the issue, which caused websites hosted on these accounts to be intermittently redirected by malware installed in their servers. Thankfully, GoDaddy has now identified and removed this source of problems.

GoDaddy has experienced two security breaches within a few weeks, yet the breach remains significant.

In March of this year, a small number of GoDaddy domains were stolen by malicious actors. It is believed to have been a vishing attack - when hackers attempt to deceive someone into giving them access to their personal information by falsely claiming they are legitimate.

Thankfully, no one's data was stolen in this incident; however, the fact that it took three years for GoDaddy to realize they had been breached suggests something is seriously amiss with their security measures.

GoDaddy customers are reporting that many of their websites and email traffic has been redirected. This poses a real issue, particularly for businesses selling cryptocurrency or other digital products and services.

It's also worth remembering that businesses using outdated software may be vulnerable to attacks. For instance, GoDaddy's cPanel isn't as secure as the latest versions of PHP or MySQL.

That is why it is imperative that all companies utilize strong passwords, change them frequently and automate their password reset process to prevent breaches. Furthermore, testing pro-actively against credential stuffing attacks and having robust red team capabilities are paramount.

Related Articles