Several cryptocurrency websites have been hit by a cyberattack after employees at hosting company GoDaddy were targeted in a social engineering attack.
Hackers are believed to have convinced workers at GoDaddy, a major domain registrar and web hosting company, to give them access to the targeted websites. The attackers were then able to take control of some of the targets’ domains, access potentially sensitive data and redirect email traffic to cause password resets.
GoDaddy said that a limited number of its employees were involved in the scam, affecting only a handful of the company’s domains. The company has not disclosed any details of how the social engineering attack took place.
At present, none of the affected companies have reported the loss of any funds.
The first reported attack affected cryptocurrency platform liquid.com, beginning on November 13. The company said that GoDaddy incorrectly transferred control of the account and domain to a malicious actor.
“This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage,” Liquid Group Co-founder and CEO Mike Kayamori said in a company statement.
“Having contained the attack, reasserted control of the domain, and performed a comprehensive review of our infrastructure, we can confirm client funds are accounted for, and remain safe and secure,” he added.
However, he warned that the malicious actor may have obtained personal information from the company’s user database, including emails, names, addresses and encrypted passwords.
Another company, cryptocurrency exchange NiceHash, said that its website went down on November 18 due to unauthorised access to the domain settings. The attackers were able to change the domain’s DNS records.
“To secure all users’ funds, we have immediately frozen all wallet activity. All funds are safe and users will get access to their wallets in the next 24 hours,” a company statement said.
“At this moment in time, it looks like no emails, passwords, or any personal data were accessed but we do suggest resetting your password and activating 2FA security,” it added.
Several other websites have been linked to the scam, although the full scale of the attack remains unknown.
In response, GoDaddy said that it locked down the accounts involved in the incident as soon as the attack was detected. The company has since reverted any changes that were made to the accounts and is assisting affected customers with regaining access.
To complicate matters, GoDaddy suffered a major network outage for four hours on November 17 that affected its website, phone, and email systems.
The company blamed the outage on an error during planned network maintenance, denying it was a security incident.
The incident illustrates the social engineering side of cyberattacks. These attacks use psychological manipulation to trick users into making security mistakes or giving away sensitive information.
According to Cybint Solutions, 2018 saw 62% of businesses hit by phishing and social engineering attacks. And research from Gallagher earlier this year warned that 60% of security breaches were caused by human error.
Social engineering attacks use a wide range of tactics, including using fake infection warnings to scare people, impersonating colleagues, or leaving malware-infected flash drives in a building.
With the coronavirus making business conditions uncertain, and remote working isolating employees, companies are more vulnerable than ever to these types of attacks.