
GoDaddy joins the dots and realizes it's been under attack for three years

In brief Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one of a series of linked incidents dating back to 2020.

The business took the unusual step of detailing the attacks in its Form 10-K – the formal annual report listed entities are required to file in the US.

The filing details a March 2020 attack that "compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts as well as the login credentials of a small number of our personnel" and a November 2021 breach of its hosted WordPress service.

The latest attack came in December 2022, when boffins detected that "an unauthorized third party gained access to and installed malware on our cPanel hosting servers," the filing states. "The malware intermittently redirected random customer websites to malicious sites."

GoDaddy is unsure of the root cause of the incident, but believes it could be the result of "a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy."

"To date, these incidents as well as other cyber threats and attacks have not resulted in any material adverse impact to our business or operations," the filing states – showing enormous empathy for customers whose sites were redirected in the most recent attack, or impacted by the earlier incidents.

In a brief statement on the incident, GoDaddy hypothesized that the goal of the December 2022 attacks "is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities."

– Simon Sharwood
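The filing describes the malware as redirecting customer sites only intermittently, which is exactly the behaviour a single manual check will miss. The script below is an added example, not code from the original article or from GoDaddy: it fetches a site repeatedly without following redirects, then flags any 3xx hop whose Location header leaves the site's own domain. The sample responses are constructed for illustration; `fetch_first_hop` is the only part that touches the network and is not exercised offline.

```python
import urllib.request
import urllib.error
from urllib.parse import urlsplit


def is_same_site(location, site_host):
    """True when a Location header keeps the visitor on site_host or a subdomain."""
    target = urlsplit(location)
    if not target.netloc:                      # relative redirect such as "/login"
        return True
    host = (target.hostname or "").lower()     # hostname is already lower-cased by urlsplit
    site_host = site_host.lower()
    return host == site_host or host.endswith("." + site_host)


def find_offsite_redirects(samples, site_host):
    """samples: iterable of (status, location) pairs, one per fetch.

    Returns {hostname: count} for every 3xx response whose Location leaves
    the site. Non-redirect responses and on-site hops are ignored, so an
    intermittent hijack shows up as a small count beside many clean fetches.
    """
    hits = {}
    for status, location in samples:
        if 300 <= status < 400 and location and not is_same_site(location, site_host):
            host = (urlsplit(location).hostname or "").lower()
            hits[host] = hits.get(host, 0) + 1
    return hits


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so the first hop can be inspected."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_first_hop(url, user_agent="Mozilla/5.0"):
    """Fetch url once without following redirects; return (status, location).

    Assumes the site is reachable over HTTP(S); not run in the offline demo.
    With redirects disabled, urllib raises HTTPError for 3xx, so it is caught here.
    """
    opener = urllib.request.build_opener(_NoRedirect())
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


# Constructed sample: seven fetches of one site, two of which were hijacked.
SAMPLES = [
    (200, None),
    (301, "https://www.example.com/"),
    (302, "/login"),
    (302, "//cdn.example.com/assets/app.js"),
    (302, "https://bad-pharmacy.example.net/?ref=x"),
    (200, None),
    (307, "http://bad-pharmacy.example.net/"),
]

if __name__ == "__main__":
    # Offline demo over the constructed sample; for a live check, build the
    # list from repeated fetch_first_hop(url) calls with varied User-Agents.
    print(find_offsite_redirects(SAMPLES, "example.com"))
```

Two caveats for anyone running this against a real site: redirect malware frequently keys on the Referer or User-Agent (search-engine visitors get sent away, the site owner sees nothing), so vary those headers across fetches; and a hijack implemented as a meta refresh or injected JavaScript never produces a 3xx, so this check complements rather than replaces a comparison of served page content against a known-good copy.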

The Russian government is working on changes to its criminal code that would legalize hacking in the Federation – provided it's being done in the service of Russian interests, of course. 

According to Russian news service TASS, Alexander Khinshtein, head of the state Duma committee on information policy, wants exemptions from liability given to hackers, but aside from tossing the idea out to reporters he didn't have details to add. 

Still, Khinshtein argued, "I am firmly convinced that it is necessary to use any resources to effectively fight the enemy," adding that Russia needs to be able to respond adequately to any threat – and who better to help than a well-established army of hackers?

Russian-linked hacking groups – Killnet, Cozy Bear, Vice Society and myriad others – are notorious for the damage they have caused, or attempted to cause, in attacks on Russia's enemies, both in Ukraine and elsewhere.

Those groups may operate with a certain amount of impunity within Russia, but the law still isn't on their side, as TASS pointed out. Russian laws regarding cyber crimes are strict – if not always enforced – and exceptions are reportedly nonexistent. 

Two sets of laws pertain to hacking activity: Articles 272 and 273 of the Criminal Code of the Russian Federation, which cover illegal access and the creation, distribution and use of malicious computer software, respectively. 

Gaining illegal access and/or using malicious software, if it leads to "grave consequences or [the creation of] a threat," can earn a Russian up to seven years in prison, with lesser possible terms for less damage or acting independently of a group.

Adding exceptions for what TASS described as "white hat" operations in the interest of the Russian government would provide considerable leeway for state-sponsored hackers already doing so.

More alarming, however, is the encouragement it would give to green hats more likely to break a system than break into it, script kiddies in it for the lulz, and dark web turnkey crooks. There's no indication such a law is on the way to passage – Khinshtein said it still needed to be spoken about "in more detail" – but it might be a good idea to reinforce that security posture. Especially if you're in a critical industry.

We're still hot on the heels of February's rather romantic Patch Tuesday, so if you're wondering where a few well-publicized vulnerabilities are in this list – we may have already covered them. 

That said, there's still plenty of patching fun to be had if you're not sick of it already. 

Mozilla's Firefox 110, Firefox ESR 102.8 and Thunderbird 102.8 were also released this week, addressing a total of eight CVEs spread across the three products. As Mozilla's bug reports are restricted and it doesn't provide CVSS scores, we've selected the bugs it rates as high impact, a rating it defines as covering flaws that can be used to gather sensitive data from sites in other windows, or inject code into them, while "requiring no more than normal browsing actions."

None of the bugs Mozilla patched in this release were considered critical. 

Finally, CVE-2023-24809 won't keep anyone up at night, unless they are avid players of the venerable Rogue-like adventure game NetHack. The flaw, rated CVSS 5.5, affects versions 3.6.2 through 3.6.6: illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. "This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems," an advisory warns, since a suid/sgid binary runs with privileges the player does not otherwise have. Upgrading to version 3.6.7 fixes the problem. No save-scumming, people!
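The advisory's point is that the same crash matters much more on a suid/sgid install than on a personal one, so the two things to check are the version and the mode bits of the installed binary. The script below is an added example, not code from the article or from the NetHack project: it parses a version string, tests it against the 3.6.2 to 3.6.6 range quoted above, and reads the setuid/setgid bits from a path. The `demo` function stands in for a real binary with throwaway temporary files, one of which has the setuid bit set; the "NetHack Version 3.6.6" banner form it parses is an assumed input format.

```python
import os
import stat
import tempfile

# Affected range stated in the advisory: 3.6.2 through 3.6.6, fixed in 3.6.7.
AFFECTED_MIN = (3, 6, 2)
AFFECTED_MAX = (3, 6, 6)


def parse_version(text):
    """Extract the first dotted version number from text, e.g. '3.6.6' or
    'NetHack Version 3.6.6 ...' (assumed banner form), as a tuple of ints."""
    for token in text.replace(",", " ").split():
        parts = token.split(".")
        if len(parts) >= 2 and all(p.isdigit() for p in parts):
            return tuple(int(p) for p in parts)
    raise ValueError(f"no version number in {text!r}")


def is_affected(version):
    """True for 3.6.2 <= version <= 3.6.6; a two-part '3.6' is treated as 3.6.0."""
    v = (tuple(version) + (0, 0, 0))[:3]
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def is_suid_or_sgid(path):
    """True when the file runs with its owner's or group's privileges."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_ISUID | stat.S_ISGID))


def triage(version_text, binary_path):
    """Return (affected, privileged, verdict) for one installation."""
    affected = is_affected(parse_version(version_text))
    privileged = is_suid_or_sgid(binary_path)
    if affected and privileged:
        verdict = "upgrade to 3.6.7: affected and installed suid/sgid"
    elif affected:
        verdict = "upgrade to 3.6.7: affected; without suid/sgid a crash hits only the invoking user"
    else:
        verdict = "not in the affected range"
    return affected, privileged, verdict


def demo():
    """Run triage over two throwaway files standing in for installed binaries:
    a setuid 3.6.6 install and a plain 3.6.7 one. Returns both verdict tuples."""
    results = []
    for mode, version in ((0o4755, "NetHack Version 3.6.6"), (0o755, "3.6.7")):
        fd, path = tempfile.mkstemp()
        os.close(fd)
        try:
            os.chmod(path, mode)
            results.append(triage(version, path))
        finally:
            os.unlink(path)
    return results


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real system, point `triage` at the installed binary (for example the path `command -v nethack` reports) and at whatever version string the packaging or the game itself reports; a shared game host where the binary is sgid `games` so players can write the shared score file is precisely the "shared systems" case the advisory has in mind.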

Oakland, California declared a state of emergency on Valentine's Day – and not because there was too much love in the air. A week of work hasn't done a whole lot to clear up a ransomware attack that hit the city on February 8.

As we reported in last week's security roundup, the attack didn't take down 911 services, disrupt finances or worsen emergency response times, but the precaution of taking a good portion of the city's network offline to stop the attack has led to a slow recovery and left some non-emergency systems inaccessible. 

"The network outage has impacted many non-emergency systems including our ability to collect payments, process reports, and issue permits and licenses," the city declared in an update on February 15, adding that residents should call before showing up at a city office in case it's closed. 

The Oakland government said that police and fire departments are still responding to emergency calls as usual, but that non-emergency requests should be made online or reported by a call to the local 311 non-emergency line. 

By declaring a state of emergency, Oakland has expedited its ability to procure equipment and materials to respond to the ransomware attack, as well as activating emergency workers and making it easier for leadership to issue orders. 

The Oakland city government said the attack investigation is ongoing, and law enforcement is investigating. The city hasn't said how the attack occurred, who was behind it or what sort of ransom demand was made. ®

Source: The Register
