GoDaddy Malware Attack

The web hosting company GoDaddy has revealed this week that its infrastructure has been under attack in a series of linked incidents dating back to 2020.

According to the company an unauthorised user gained access to its systems and installed malware which caused the intermittent redirection of its customers websites.

In a statement the company confirmed that the first attack in 2020 "compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts as well as the login credentials of a small number of our personnel."

In November 2021, the company reported that its GoDaddy Managed WordPress service had been compromised. The intruder obtained source code for the system which enabled a further intrusion compromising admin credentials for the service, access to FTP accounts and email addresses for 1.2 million current and inactive customers.

And then in December 2022, the company detected "an unauthorized third party gained access to and installed malware on our cPanel hosting servers." The malware intermittently redirected random customer websites to malicious sites.

The web hosting company said that the same threat actor(s) were responsible for all the attacks.

As one of the biggest players in the web hosting space the prolonged attacks are a source of embarrassment for GoDaddy and will impact the trust that their customers.

For help and advice on securing your organisation or managing a cyberattack contact Romano Security Consulting today.