GoDaddy became the victim of a data breach caused by an anonymous hacker group

Post Views: 898

You might know about GoDaddy, one of the popular web hosting providers. They announced the organization had been victimized by a cyber attack. In that case, adversaries stole source codes and deployed malware on the firm’s servers.

The firm says – “we are not sure about the hours of initial compromise.” But there’s an investigation going on to find out the origin of the cyberattack.

GoDaddy,

According to the org, the attack was carried out by a professional hacker. Moreover, the firm said this attack didn’t create any commotion within their daily operations. The company said they have evidence that proves the adversaries have also attacked several other web hosting providers over the years globally.

“We are working with multiple law enforcement agencies around the world, in addition to forensics experts, to investigate the issue further. We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy.”

“According to information we have received, their apparent goal is to infect websites and servers with malware for

a) Phishing Campaigns,

b) Malware Distribution, and

c) other Malicious Activities.”

Due to the data breaches that happened in Nov, 2021, the multi-year campaign started, which ultimately made GoDaddy a part of the victims. Around 1.2 M clients were impacted by the same. Moreover, in Mar, 2020, around 28,000 clients’ data were disclosed. xxxxx

“The Adversary group installed malware on our systems and obtained pieces of code related to some services within GoDaddy.”

“The Advances in system features & exposing new security flaws increased the likelihood of nation-state cyber attacks (including retaliatory cyber attacks by Russia in response to economic sanctions caused by the Russia-Ukraine military conflict).

Other software enhancements are usually utilized by online users, such as

a) The Meltdown & Spectre Vulnerabilities and

b) Exploit Security Flaws in Chips built in the past 2 decades.

How did the attack take place?

The Malicious Software deployed on the organization’s systems was driving random clients’ traffic to malicious sites. The breach was found out in Dec, 2022, when the clients claimed their sites were being used to redirect to random domains.

Dec, 2022

An anonymous user gained access to our cPanel hosting servers and planted malware on them. The malicious software continuously drove random clients’ websites to fraudulent websites.

What will be the consequences?

Evolving ransomware attacks or the development of vendor software creates caution. Due to that, whether it’s our clients or us using the servers & services will suffer a data breach. The Shellshock security flaw in the Linux Bash Shell, & the Log4Shell security flaw in the widely used logging library Log4j could be an example of that.

What is the solution?

The company says –

“We expect to continue to expend significant resources to protect against security breaches and other data security incidents. The risk that these types of events could seriously harm our business is likely to increase as we expand the number of cloud-based products we offer and operate in more countries.”

Any Suggestions?

The organization made a statement to continue to invest in enhanced security of its infrastructure. However, alerted the clients that the cybercriminals are becoming even more brutal. Moreover, the current geopolitical circumstances are worsening the case.

For more amazing facts & information like this, you can follow us on News4Hackers. Leave a comment if you have any queries.