November 23, 2021
Severity
High
Analysis Summary
GoDaddy disclosed that on November 17, 2021 it discovered unauthorized third-party access to its Managed WordPress hosting environment. Using a compromised password, the attacker reached the provisioning system in GoDaddy's legacy code base for Managed WordPress, and from there a large volume of customer data was exposed.
Once the activity was detected, GoDaddy blocked the unauthorized party from its systems. The investigation found that the intrusion began on September 6, 2021, so the attacker had access for roughly ten weeks before it was noticed.
- Email addresses and customer numbers of around 1.2 million Managed WordPress customers (active and inactive) were exposed.
- The original WordPress Admin password that was set at the time of provisioning was exposed.
- For active customers, sFTP and database usernames and passwords were exposed.
- SSL private keys of some active customers were also exposed.
GoDaddy also suffered an earlier breach, disclosed in May 2020, in which the SSH login credentials of around 28,000 hosting customers were accessed by a threat actor.
Impact
- Data Theft
- Credential Theft
- Reputational Loss
Affected Vendors
GoDaddy
Affected Products
- Managed WordPress
Remediation
In both the 2020 and the 2021 breach the attacker got in with valid credentials, which points to weak credential and access-control practices rather than a software exploit. The first remedial measures are therefore:
- Use strong, unique passwords for hosting, sFTP, database and WordPress accounts.
- Enable two-factor authentication wherever the hosting provider and the WordPress installation support it.
- Change any WordPress admin password that is still the one set at provisioning time, and rotate the exposed sFTP and database credentials.
- Reissue SSL certificates whose private keys may have been exposed, and revoke the old ones.
- Harden networks and systems, including restricting administrative access to the hosting environment.
- Treat unexpected email with suspicion and deploy email security controls; the exposed addresses and customer numbers lend themselves to targeted phishing.
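Because the provisioning-time WordPress admin password was among the exposed data, the owner of an affected site wants to verify that no account still uses it rather than trust that it was changed. The following is an added example, not code from Rewterz or GoDaddy: it re-implements, in standard-library Python, the portable phpass scheme (`$P$` prefix) in which WordPress stored the `user_pass` column at the time of this incident, and audits rows exported from `wp_users` against a known-exposed password. The password, salt and table rows are constructed for illustration; the check runs offline so the exposed password never leaves the host.

```python
"""
Audit wp_users hashes for a known-exposed password (added example for this alert,
not GoDaddy's or Rewterz's code). Re-implements the portable phpass scheme
($P$/$H$ prefix) that WordPress used for user_pass, standard library only.
"""
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _encode64(data: bytes, count: int) -> str:
    """phpass's custom little-endian base-64 (no padding) over the first `count` bytes."""
    out = []
    i = 0
    while True:
        value = data[i]
        i += 1
        out.append(ITOA64[value & 0x3F])
        if i < count:
            value |= data[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3F])
        if i >= count:
            break
        i += 1
        if i < count:
            value |= data[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3F])
        if i >= count:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3F])
        if i >= count:
            break
    return "".join(out)


def phpass_hash(password: str, salt: str, count_log2: int = 13) -> str:
    """Portable phpass hash as WordPress stores it.

    WordPress asks phpass for cost 8; portable mode adds 5 on PHP 5+, so stored
    hashes carry cost character 'B' (2**13 extra MD5 rounds) and start with $P$B.
    """
    if len(salt) != 8 or any(c not in ITOA64 for c in salt) or not 7 <= count_log2 <= 30:
        raise ValueError("salt must be 8 ITOA64 chars and 7 <= count_log2 <= 30")
    pw = password.encode("utf-8")
    digest = hashlib.md5(salt.encode("ascii") + pw).digest()
    for _ in range(1 << count_log2):
        digest = hashlib.md5(digest + pw).digest()
    return "$P$" + ITOA64[count_log2] + salt + _encode64(digest, 16)


def new_salt() -> str:
    """Random 8-character salt from the phpass alphabet."""
    return "".join(secrets.choice(ITOA64) for _ in range(8))


def check_password(password: str, stored: str) -> bool:
    """True if `stored` is a portable phpass hash of `password`.

    Raises ValueError for any other format so an unrecognised hash is never
    silently reported as rotated.
    """
    if len(stored) != 34 or stored[:3] not in ("$P$", "$H$"):
        raise ValueError("not a portable phpass hash")
    count_log2 = ITOA64.find(stored[3])
    if not 7 <= count_log2 <= 30:
        raise ValueError("invalid cost character")
    recomputed = phpass_hash(password, stored[4:12], count_log2)
    # Constant-time compare; skip the prefix so $H$ hashes from phpass itself also match.
    return hmac.compare_digest(recomputed[3:].encode(), stored[3:].encode())


def audit_exposed_password(rows, exposed_password: str) -> dict:
    """Map user_login -> status for (user_login, user_pass) rows taken from wp_users."""
    report = {}
    for user_login, user_pass in rows:
        try:
            in_use = check_password(exposed_password, user_pass)
        except ValueError:
            report[user_login] = "unsupported hash format"
            continue
        report[user_login] = "EXPOSED PASSWORD IN USE" if in_use else "rotated"
    return report


# Constructed sample data: a hypothetical exposed provisioning password and a wp_users extract.
ORIGINAL_PASSWORD = "Prov1s10n-Adm1n!"
SAMPLE_ROWS = [
    ("admin", phpass_hash(ORIGINAL_PASSWORD, "abcdefgh")),     # never changed since provisioning
    ("editor", phpass_hash("Fresh-Passw0rd", new_salt())),    # rotated after the breach
    ("legacy", "$2y$10$" + "x" * 53),                          # bcrypt-style string, not phpass
]

if __name__ == "__main__":
    for login, status in audit_exposed_password(SAMPLE_ROWS, ORIGINAL_PASSWORD).items():
        print(f"{login:8s} {status}")
```

Export `user_login, user_pass` from the site's `wp_users` table and feed the rows to `audit_exposed_password` together with the provisioning-time password. Any hash that is not in the 34-character portable format is reported as unsupported rather than as rotated, so a table containing other hash formats cannot hide an unchecked account.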