The cybercriminals were able to infiltrate GoDaddy’s systems and operate undetected for a span of three years.
Thursday, February 23, 2023
GoDaddy, the internet domain registrar, has made a public statement acknowledging a cyberattack on its infrastructure that is speculated to be part of a wider chain of incidents that trace back to 2020.
As formally required of listed entities in the U.S., the company disclosed the specifics of these attacks in its annual report, commonly referred to as Form 10-K.
In December 2022, experts discovered that an unapproved third party had infiltrated GoDaddy's cPanel hosting servers and implanted malicious software. As a result, certain customer websites were periodically redirected to harmful websites without warning or pattern.
URL redirection is a legitimate and widely used HTTP feature that serves many purposes.
What's more concerning is that hackers often initiate malicious URL redirects intermittently, making it challenging to detect their deceitful activity. This is precisely what seems to have happened in the case of GoDaddy's cyberattack.
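Because an intermittent redirect can be missed by any single check, a site owner has to sample the same URL repeatedly and compare where the responses point. The sketch below is an added example, not code from GoDaddy or from this article: it tallies off-site `Location` targets across constructed probe results, and the host names, the `allowed` list and the function names are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urljoin, urlsplit

# Constructed probe results: (requested URL, status code, Location header).
PROBES = [
    ("https://shop.example/", 200, None),
    ("https://shop.example/", 301, "https://www.shop.example/"),
    ("https://shop.example/", 302, "https://ads.invalid/win"),
    ("https://shop.example/", 200, None),
    ("https://shop.example/", 302, "/cart"),
    ("https://shop.example/", 200, None),
    ("https://blog.example/", 302, "https://sso.partner.example/login"),
    ("https://blog.example/", 302, "https://sso.partner.example/login"),
]

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def same_site(host, site):
    # True for the site itself and any of its subdomains.
    return host == site or host.endswith("." + site)

def offsite_redirects(probes, allowed=()):
    """Return {site: {target_host: (hits, total_probes)}} for 3xx responses
    whose Location leaves the requested site and is not allow-listed."""
    totals = Counter()
    hits = defaultdict(Counter)
    for url, status, location in probes:
        site = host_of(url)
        totals[site] += 1
        if not (300 <= status < 400 and location):
            continue
        target = host_of(urljoin(url, location))  # resolves relative Location
        if same_site(target, site) or any(same_site(target, a) for a in allowed):
            continue
        hits[site][target] += 1
    return {s: {t: (n, totals[s]) for t, n in c.items()} for s, c in hits.items()}

def intermittent(findings):
    """Targets seen on some but not all probes: the pattern one check misses."""
    return sorted((s, t) for s, c in findings.items()
                  for t, (n, total) in c.items() if 0 < n < total)
```

In practice the probe tuples would come from scheduled requests made from several networks and with varied request headers, since a single vantage point may never be served the redirect.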
As per the company's official filing, an attack in March 2020 resulted in the unauthorized access of login credentials belonging to around 28,000 hosting customers, as well as a few personnel.
In addition to this, GoDaddy's hosted WordPress service was also compromised in November 2021.
It took GoDaddy nearly three months to disclose the cyberattack, and details about the incident are limited. For anyone who has visited a website hosted by GoDaddy since December 2022, there are no Indicators of Compromise (IOCs) to identify the attack. Although GoDaddy has referred to the breach as recent, the company's Form 10-K filing indicates that the cyberattack could have been ongoing for an extended period.