GoDaddy’s Security challenges in 2020 haven’t ended. KrebsOnSecurity has found that hackers tricked many GoDaddy employees into transferring ownership or control of the web domains of several cryptocurrency services, inadvertently assisting in site shut down attacks. It is not known how many companies have fallen victim to these efforts, but Liquid.com and NiceHash have reported issues within days of each other. Bibox, Celsius, and Wirex could also be among the targets, although they have not confirmed anything at the time of this writing.
It is unclear how the hackers succeeded, but the successful March campaign against sites like Escrow.com likely relied on Vishing, or voice calls aimed at phishing sites designed to harvest account logins. Attackers often try to convince employees that they are from the company’s IT department and simply want to solve technical problems.
A GoDaddy spokesman confirmed that “a limited number of employees” have been the victim of “social engineering” attacks that allow attackers to make unauthorized changes to domains and accounts. In response, he canceled the changes, blocked accounts, and helped the victims regain access.
This happened about a year after a data breach affecting 28,000 hosting accounts and didn’t help with GoDaddy’s image. Please be aware that it may have been difficult for the company to cancel the vishing. GoDaddy has joined many other companies to keep employees working remotely during the COVID-19 pandemic. This can make it difficult to verify the legitimacy of the caller or website. Thus, it can become a problem for many companies, even if it is safe to return to the offices.