Hackers ran amok inside GoDaddy for almost 3 years
Discovering that hackers have had stealthy access to your company's network for three years is bad enough. Web hosting company GoDaddy this week admitted something even worse: a group of hackers it had repeatedly spotted on its network had returned, or had never left, and had been wreaking havoc since at least March 2020, despite all the company's efforts to expel them.
We'll get to that. Meanwhile, the rise of pig butchering scams has left a growing number of victims financially destitute, and the scammers are only getting more sophisticated. This week, we described new techniques criminals are using to drain people's bank accounts: social engineering combined with legitimate financial apps, which together trick targets into handing the scammers their money under the guise of fake investments.
Speaking of fake investments, 24 percent of new crypto tokens that gained some value in 2022 were pump-and-dump schemes, according to new findings from cryptocurrency tracking firm Chainalysis. The creators of these tokens hype them up to draw in buyers, then sell off all their holdings once the value rises, driving the price down and leaving investors holding crypto that is suddenly worthless. Chainalysis found that one token creator was responsible for at least 264 successful pump-and-dumps last year.
Of course, what goes up must come down – especially if it’s a suspicious object flying over the US for the past two weeks. After the US shot down a Chinese spy balloon earlier this month, it went on to take out three more unidentified aerial objects. But don’t worry, there aren’t more spy balloons than normal – the authorities are just keeping a closer eye on what’s in the sky.
While the mainstream media focused on spy balloons, another top story emerged on TikTok and other social media platforms: a February 3 train derailment in East Palestine, Ohio, that spilled toxic chemicals into the ground and waterways and forced the small town’s residents to flee. The relative lack of news coverage, a growing list of questions about the health and environmental impacts of the spilled chemicals, and distrust of the government and authorities created the perfect recipe for misinformation and conspiracy theories.
However, the notion that government is slow and inefficient at best has some truth to it. This week, US Customs and Border Protection revealed it had finally implemented the system update needed to cryptographically verify the data on e-passports, 16 years after the US and Visa Waiver countries began issuing passports containing RFID chips loaded with the holder's identity data and a digital signature from the issuing country. Until now, a border reader could display whatever the chip reported without being able to tell whether that data had been altered or the chip cloned.
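The check CBP is describing is what ICAO Doc 9303 calls passive authentication: the chip carries a Document Security Object (SOD) listing a hash of each data group (DG1 is the machine-readable zone, DG2 the face image), and the SOD is signed by the issuing country's Document Signer key. A reader that recomputes the hashes and checks the signature detects altered or cloned data; a reader that skips this step trusts the chip's bytes as printed. The following is an added illustration, not CBP's or any vendor's code. To keep it runnable with the standard library it replaces the real RSA/ECDSA signature with an HMAC under a constructed key, and the sample MRZ and image bytes are constructed; the hash-table-then-signature structure and the comparison logic are what a real verifier does.

```python
import hashlib
import hmac
import json

# Stand-in for the issuing country's Document Signer private key. Constructed
# for this example; a real SOD is signed with RSA or ECDSA, not an HMAC.
DOCUMENT_SIGNER_KEY = b"example-document-signer-key"

# Constructed TD3-style MRZ (two 44-character lines) in the layout of the
# ICAO specimen passport. DG1 on a real chip holds exactly these two lines.
MRZ = ("P<UTOERIKSSON<<ANNA<MARIA<<<<<<<<<<<<<<<<<<<\n"
       "L898902C36UTO7408122F1204159ZE184226B<<<<<10")


def dg_hash(data: bytes) -> str:
    """Hash of one data group, as recorded in the SOD."""
    return hashlib.sha256(data).hexdigest()


def build_sod(data_groups: dict, signer_key: bytes = DOCUMENT_SIGNER_KEY) -> dict:
    """Issuer side: hash every data group, then sign the table of hashes."""
    hashes = {f"DG{n}": dg_hash(d) for n, d in sorted(data_groups.items())}
    body = json.dumps(hashes, sort_keys=True).encode()
    signature = hmac.new(signer_key, body, hashlib.sha256).hexdigest()
    return {"hashes": hashes, "signature": signature}


def verify_chip(data_groups: dict, sod: dict, trusted_key: bytes = DOCUMENT_SIGNER_KEY):
    """Inspection side (simplified passive authentication).

    Order matters: first establish that the SOD itself comes from a trusted
    issuer, then check that each data group read from the chip matches the
    hash the issuer committed to. Returns (ok, reason).
    """
    body = json.dumps(sod["hashes"], sort_keys=True).encode()
    expected_sig = hmac.new(trusted_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, sod["signature"]):
        return False, "SOD signature does not verify against the trusted issuer key"
    for n, d in data_groups.items():
        recorded = sod["hashes"].get(f"DG{n}")
        if recorded is None:
            return False, f"DG{n} is not covered by the SOD"
        if not hmac.compare_digest(dg_hash(d), recorded):
            return False, f"DG{n} hash mismatch: chip data altered after issuance"
    return True, "chip data authentic"


def naive_read(data_groups: dict) -> str:
    """What a reader that skips verification does: take the surname from DG1 as-is."""
    line1 = data_groups[1].decode().split("\n")[0]
    return line1[5:].split("<<")[0]


def genuine_chip():
    """Chip as personalised by the issuer."""
    dgs = {1: MRZ.encode(), 2: b"<constructed stand-in for the JPEG2000 face image>"}
    return dgs, build_sod(dgs)


def tampered_chip():
    """Cloned chip with DG1 rewritten; the attacker cannot re-sign the SOD."""
    dgs, sod = genuine_chip()
    dgs = dict(dgs)
    dgs[1] = MRZ.replace("ERIKSSON<<ANNA<MARIA", "MALLORY<<EVE<<<<<<<<").encode()
    return dgs, sod


def forged_chip():
    """Tampered chip re-signed with the attacker's own key: internally consistent, but untrusted."""
    dgs, _ = tampered_chip()
    return dgs, build_sod(dgs, signer_key=b"attacker-key")


if __name__ == "__main__":
    for label, chip in (("genuine", genuine_chip()), ("tampered", tampered_chip()), ("forged", forged_chip())):
        dgs, sod = chip
        print(f"{label:9s} naive reader sees: {naive_read(dgs):9s} verified: {verify_chip(dgs, sod)}")
```

The naive reader accepts all three chips and prints the name the attacker chose on two of them; the verifying reader rejects the tampered chip on the DG1 hash and the forged chip on the signature. In a real deployment the trusted key is not a shared secret but the Document Signer certificate, validated against the Country Signing CA certificates distributed through the ICAO Public Key Directory, which is the part of the system that takes years to wire up.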
If you’re planning a trip but don’t want anyone to know where you’re going, we’ve put together a complete guide to make sure you don’t accidentally share your location.
But that’s not all. We’ve rounded up the best security and privacy news from the week that we didn’t cover in depth ourselves. Click on the headlines to read the full stories, and be safe out there.
GoDaddy revealed in a statement Thursday that it had discovered that hackers inside its systems had installed malware on its network and stolen parts of its code. The company says it became aware of the intrusion in December 2022 when customers — the company has not disclosed how many — began reporting that their sites were mysteriously redirected to other domains. GoDaddy says it is investigating the breach and cooperating with law enforcement, which has told the company that the hackers’ “apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”
It gets worse: GoDaddy revealed in an SEC filing that it believes the hackers are the same group it found inside the company’s network in March 2020, which had stolen the login information of 28,000 customers and some of GoDaddy’s employees. Then in November 2021, hackers used a stolen password to compromise 1.2 million customers’ WordPress instances, gaining access to email addresses, usernames, passwords and, in some cases, the sites’ private SSL keys. “Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group,” the filing said.