This past week, specifically on Nov. 13, GoDaddy customer service representatives fell victim to social engineering campaigns, which led to the compromise of liquid.com.
The social engineering campaign took advantage of vishing, or voice phishing. GoDaddy hasn’t gone into the specifics of the attack, but the result was that DNS records were transferred and NiceHash bitcoin miners were spun up. The money made in the NiceHash scheme hasn’t been revealed. At the same time as the NiceHash DNS transfer, GoDaddy was experiencing a system-wide outage, with email and phone systems down. These might be related, but it is not known at this time, as GoDaddy has provided no confirmation at the time of this post.
NiceHash’s emails were transferred to privateemail.com because of the DNS transfer. PrivateEmail.com is owned by GoDaddy.
This attack appears to have taken advantage of GoDaddy’s customer service. I don’t blame GoDaddy, as I know this is a difficult challenge and, as we preach on this show, humans are the best and worst firewall.
As soon as the compromise was discovered, GoDaddy reverted the changes, and liquid.com is running business as usual. I’m sure liquid.com is going to increase their security awareness training, just like GoDaddy is going to revamp their security policies to keep up with the latest techniques.
My advice is this: be leery of social engineering attempts. Ask your customer to prove who they are through a strict security regimen. I know it’s painful. I know it’s not always customer friendly. I know it’s uncomfortable, but it is really necessary. Social engineers prey upon our innate desire to help our fellow human being. If we’re going to win this war, we’ve got to make tough choices and make hard-line choices. As a person who works in InfoSec, I hate to hear stories like this, but I’m not a robot. This is tough, but I remain vigilant.