Hackers ran amok inside GoDaddy for almost 3 years

Discovering that hackers having hidden access to your corporate network for three years is bad enough. Web hosting company GoDaddy admitted to something even worse this week: A group of hackers it repeatedly spotted on its network have returned — or never left — and have been wreaking havoc on its network since at least March 2020, despite all attempts by the company to expel them.

We’ll get to that. Meanwhile, the rise of hog butchering scams has left more and more victims without financial means, and the scammers are becoming more sophisticated. This week, we detailed the new methods that criminals are using to empty people’s bank accounts through social engineering and legitimate-looking financial apps that are designed to trick scammers into giving away their money under the guise of fictitious investments.

Speaking of fictitious investments, 24 percent of the new crypto tokens that gained any value in 2022 were pump and dump schemes, according to new findings from crypto-tracking company Chainalysis. The creators of these tokens spin them around to attract buyers and then sell all of their holdings as soon as the value rises, thereby lowering the price and leaving investors holding a cryptocurrency that is suddenly worth nothing. Chainalysis found that one token creator was responsible for at least 264 successful pump and dumps in the last year.

Of course, what goes up must go down, especially if it is a suspicious object that has been flying over the United States in the last two weeks. After shooting down a Chinese spy balloon earlier this month, the US has shot down three more unidentified aerial objects. But don’t worry, there are no more spy balloons than usual – the government is just paying more attention to what’s in the sky.

While the mainstream media focused on the spy balloons, another big piece of news broke on TikTok and other social media platforms: the Feb. 3 train derailment in East Palestine, Ohio, which dropped toxic chemicals into the waterways and forced the inhabitants of the small town to flee. . The relative lack of news coverage, a growing list of questions about the health and environmental effects of spilled chemicals, and distrust of government regulators and officials have created the perfect recipe for disinformation and conspiracy theories.

However, there is some truth to the notion that government is slow and inefficient at best. This week, US Customs and Border Protection announced that it has finally implemented the system update required for cryptographic verification of data in electronic passports – 16 years after the US and visa waiver countries began issuing passports containing RFID data chips. about travelers.

If you’re planning a trip but don’t want anyone to know where you’re going, we’ve put together a complete guide to make sure you don’t accidentally share your location.

But that’s not all. We’ve rounded up the top security and privacy news from the week that we didn’t cover in detail ourselves. Click on the titles to read all the stories and stay safe.

GoDaddy said in a statement Thursday that it has discovered that hackers inside its systems have installed malware on its network and stolen parts of its code. The company says it became aware of the intrusion in December 2022, when customers — the company did not say how many — began reporting their websites being mysteriously redirected to other domains. GoDaddy says it is investigating the breach and is working with law enforcement, who told the company that “the apparent goal of the hackers is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.”

It gets worse: GoDaddy reveals itself in filing with the US Securities and Exchange Commission that he believes the hackers are the same group she discovered on the company’s networks in March 2020 that stole the login credentials of 28,000 customers and some GoDaddy employees. Then, in November 2021, hackers used the stolen password to break into WordPress instances of 1.2 million customers, gaining access to their websites’ email addresses, usernames, passwords and, in some cases, their websites’ SSL private keys. “Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated group of attackers,” the document says.