Hackers Ran Amok Inside GoDaddy for Nearly 3 Years


Discovering that hackers have had stealthy access to your corporate network for three years is bad enough. Web hosting company GoDaddy this week confessed to something even worse: A group of hackers it had repeatedly spotted inside its network had returned—or never left—and have been wreaking havoc in its network since at least March 2020, despite all the company’s attempts to expel them.

We’ll get to that. Meanwhile, the rise of pig butchering scams has left an increasing number of victims financially destitute—and the scammers are only growing more sophisticated. This week we detailed new techniques that criminals are using to drain people’s bank accounts through social engineering and legitimate-looking financial apps that are designed to trick targets into giving the scammers their cash under the guise of bogus investments. 

Speaking of bogus investments, 24 percent of new crypto tokens that gained any value in 2022 were pump-and-dump schemes, according to new findings from the cryptocurrency-tracing firm Chainalysis. The creators of these tokens hype them to draw in buyers, then sell off all their holdings once the value rises, thus tanking the price and leaving investors holding crypto that is suddenly worth nothing. Chainalysis found that one token creator was responsible for at least 264 successful pump-and-dumps last year. 

Of course, what goes up must come down—especially if it’s a suspicious object flying over the United States in the past two weeks. After the US shot down a Chinese spy balloon earlier this month, it went on to take out three additional unidentified aerial objects. But don’t worry, there aren’t more spy balloons than normal—the government is just paying closer attention to what’s in the sky.

While the mainstream media focused on spy balloons, another top story was emerging on TikTok and other social media platforms: a February 3 train derailment in East Palestine, Ohio, which spilled toxic chemicals into the ground and waterways and forced the small town’s residents to flee. The relative lack of news coverage, a growing list of questions about the health and environmental impacts of the spilled chemicals, and mistrust of government regulators and officials created the perfect recipe for misinformation and conspiracy theories.

The notion that the government is, at best, slow and ineffective has some truth, however. This week, US Customs and Border Protection revealed that it had finally implemented the system update necessary to cryptographically verify data on e-Passports—16 years after the US and Visa Waiver countries began issuing passports that contain RFID chips loaded with traveler details. 

If you’re planning a trip but don’t want anyone to know where you’re going, we’ve compiled a complete guide to make sure you’re not accidentally sharing your location.

But that’s not all. We’ve rounded up the top security and privacy news from the week that we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.

GoDaddy revealed in a statement on Thursday it had discovered that hackers inside its systems had installed malware on its network and stolen parts of its code. The company says it became aware of the intrusion in December 2022 when customers—the company hasn’t said how many—began reporting that their websites were being mysteriously redirected to other domains. GoDaddy says it’s investigating the breach and working with law enforcement, who have told the company that the hackers’ “apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”

It gets worse: GoDaddy revealed in an SEC filing that it believes the hackers are the same group that it found inside the company’s networks in March 2020, and which had stolen the login credentials of 28,000 customers and some of GoDaddy’s staff. Then in November 2021, the hackers used a stolen password to compromise 1.2 million customers’ WordPress instances, getting access to email addresses, usernames, passwords, and, in some cases, their websites’ SSL private keys. “Based on our investigation, we believe these incidents are part of a multiyear campaign by a sophisticated threat actor group,” the filing reads.



Source link