[Security Weekly] GoDaddy Hack Exposes SSH Account Credentials of 28,000 Customers

2nd Week of May 2020


1. GoDaddy hack exposes SSH account credentials of 28,000 customers

As the world’s largest internet domain registrar, not only does GoDaddy provide domain registrar services, it also offers web hosting services for businesses worldwide.

In late April, GoDaddy filed a report to the California Office of the Attorney General stating that an unauthorized individual was able to access the SSH1 accounts used by its customers to access their hosting servers.

The breach was said to have happened back in October 2019, only to be discovered six months later on April 23. Nevertheless, GoDaddy ensured that the incident only affected the SSH hosting accounts, not the regular customer accounts. With over 19 million customers worldwide, only an estimated 28,000 were impacted.

After the discovery, GoDaddy immediately reset all impacted usernames and passwords, and removed an authorized SSH file from its platform. The company also suggested that it had no evidence showing if the attacker had used the SSH accounts to modify the customers’ hosting servers.

GoDaddy went on to offer all impacted customers with one year of its website security and malware removal service for free.

Source: Threatpost

1 Secured Shell (SSH) is a remote administration protocol that authenticates users to manage and modify their remote servers over the Internet.


2. Personal information of 44 million Pakistani mobile users posted online

Back in April, a dataset containing the personal details of 115 million Pakistani mobile users was posted on the dark web for sale at a price of $2.1 million in Bitcoin.

As the government stepped in to investigate the incident, 44 million out of the 115 million records got released online this week. According to researchers at ZDNet, the data contained verifiable information including full legal names, national ID numbers, home addresses, phone numbers, as well as dates of subscription. Most records involved individual user accounts, others involved business accounts. The details of the business accounts were also verified to be accurate.

The oldest entries of the dataset contained records in 2013. Researchers suggested that the hackers may have either hacked into an old file, or that the attack may have taken place back in 2013.

Most of the mobile phone numbers involved belonged to service provider Jazz. However, numbers belonging to other service providers were also existent. Thus, it is unclear where the data leaked from. They could have leaked from a government agency, a service provider, or other third-party data collection firms.

Sources: ZDNetSC Magazine


3. Global healthcare giant Fresenius hit by Snake ransomware amidst COVID-19 supply shortage

As parts of the world continue to experience difficulties coping with the COVID-19 pandemic, some criminals just do not seem to have any conscience at all. Earlier this week, one of the largest healthcare operators and suppliers in the world confirmed suffering an attack from the Snake ransomware group.

A German-based healthcare conglomerate that employs up to 300,000 people across 100 countries, Fresenius is a leading supplier of dialysis equipment, holding 49% of the dialysis market in the US.

First reported by Krebs on Security, Fresenius reportedly shut down all its computers worldwide following the attack, significantly impacting some of its operations. A spokesperson from the company made a written confirmation stating that the IT team of the company has detected a virus on its computer system, and is working to ensure operations resume as normal.

Dialysis equipment is under serious shortage in the United States and parts of Europe as COVID-19 causes severe kidney damage to some patients. Attackers seemed to have shamelessly targeted this weakness. During this crucial period, healthcare providers have faced one attack after another. It is now time for healthcare businesses to upgrade their security measures as part of our preparation for a long-term fight against the coronavirus.

[Click here to learn how Penta Security’s enterprise security solutions can help keep your organization safe.] 

Source: Krebs on Security


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Web Application Firewall for Cloud: WAPPLES SA

Database Encryption: D’Amo

Authentication: ISign+ 

Smart Car Security: AutoCrypt