Following the news that hackers tricked GoDaddy employees into handing over ownership or control of the web domains of multiple cryptocurrency services, the CEO offers the following comment:
Social engineering continues to be a significant risk – with GoDaddy staff apparently falling for similar tactics that were used to compromise many high-profile Twitter accounts in July. With large organisations like these, hackers can try those techniques out on thousands of staff until they find a weak link.
Whilst cybersecurity organisations, including Skurio, have been campaigning for better standards and regulation around domain registration, this attack reveals yet another way in which criminals are attempting to use business emails for criminal purposes. By gaining control of a domain at source, cybercriminals can bypass these measures in order to, for example, send phishing or payment diversion emails.
We have seen a reassuring improvement in cyber awareness and organisations using training, password management, access control, and domain monitoring to prevent email takeover – but there is still more to be done.
Organisations can receive an early warning of this kind of attack through using synthetic identities in their databases. If emails are sent to such identities, they can immediately be identified as malicious even if the attack has happened in their wider digital supply chain.
Organisations should consider their DNS records as the ‘crown jewels’, and make sure they have enabled MFA with their domain registrar. Automated monitoring can also help here, alerting you in real time of any unexpected changes to DNS records, or registration of new “typo squatted” domain names which may be used by bad actors for website spoofing, email impersonation, spearphishing and social engineering attacks.
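The two monitoring checks the comment above recommends, as an added example that is not Skurio's code or part of the original article: a diff of live DNS record sets against a signed-off baseline (a registrar-level takeover typically shows up first as changed NS and MX records), and a screen of a newly-registered-domains feed for look-alikes of the organisation's own domain. The domain example.com, every record value, the registration feed and the homoglyph table are constructed for the example; a real job would fetch the observed snapshot from a resolver or the registrar's API instead of a literal.

```python
"""DNS-record baseline diff and typosquat screening (offline, constructed data)."""

# Constructed baseline: the record sets the organisation has signed off as correct.
BASELINE = {
    ("example.com", "NS"):  {"ns1.dns-host.net", "ns2.dns-host.net"},
    ("example.com", "MX"):  {"10 mail.example.com"},
    ("example.com", "TXT"): {"v=spf1 mx -all"},
    ("_dmarc.example.com", "TXT"): {"v=DMARC1; p=reject; rua=mailto:dmarc@example.com"},
}

# Constructed snapshot standing in for what a resolver or registrar API returns after
# a takeover: NS and MX redirected, SPF loosened to authorise any sender, a new A record.
OBSERVED = {
    ("example.com", "NS"):  {"ns1.attacker-dns.net", "ns2.attacker-dns.net"},
    ("example.com", "MX"):  {"10 mail.attacker-dns.net"},
    ("example.com", "TXT"): {"v=spf1 +all"},
    ("_dmarc.example.com", "TXT"): {"v=DMARC1; p=reject; rua=mailto:dmarc@example.com"},
    ("www.example.com", "A"): {"203.0.113.10"},
}

# Registrar-level controls; a change here is the strongest takeover indicator.
HIGH_SEVERITY_TYPES = {"NS", "MX"}


def diff_records(baseline, observed):
    """Return (name, rtype, severity, added, removed) for every record set that differs.

    Whole record sets are compared so that a single swapped nameserver is reported
    even when the other nameservers in the set are unchanged.
    """
    changes = []
    for name, rtype in sorted(set(baseline) | set(observed)):
        before = baseline.get((name, rtype), set())
        after = observed.get((name, rtype), set())
        if before != after:
            severity = "high" if rtype in HIGH_SEVERITY_TYPES else "medium"
            changes.append((name, rtype, severity, sorted(after - before), sorted(before - after)))
    return changes


# Constructed homoglyph table: characters that read alike in a typical mail client.
HOMOGLYPHS = {"o": ["0"], "l": ["1", "i"], "i": ["l", "1"], "m": ["rn"],
              "w": ["vv"], "e": ["3"], "a": ["4"]}
TLDS = ("com", "net", "org", "co", "io")
AFFIXES = ("secure", "login", "support", "mail")


def typosquat_candidates(domain):
    """Generate look-alike registrations of a second-level domain such as 'example.com'."""
    label, tld = domain.rsplit(".", 1)
    labels = set()
    for i, ch in enumerate(label):
        labels.add(label[:i] + label[i + 1:])            # character omission
        labels.add(label[:i] + ch * 2 + label[i + 1:])   # character repetition
        if i + 1 < len(label):                           # adjacent transposition
            labels.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for sub in HOMOGLYPHS.get(ch, []):               # homoglyph substitution
            labels.add(label[:i] + sub + label[i + 1:])
        if i:                                            # inserted hyphen
            labels.add(label[:i] + "-" + label[i:])
    for affix in AFFIXES:                                # plausible prefix/suffix
        labels.add(f"{label}-{affix}")
        labels.add(f"{affix}-{label}")
    candidates = {f"{l}.{t}" for l in labels for t in TLDS}
    candidates |= {f"{label}.{t}" for t in TLDS if t != tld}   # same label, other TLD
    candidates.discard(domain)
    return candidates


# Constructed sample of a newly-registered-domains feed (zone-file diff style).
NEW_REGISTRATIONS = [
    "exampel.com", "examp1e.net", "example-login.com", "unrelated-shop.com",
    "exarnple.com", "example.co", "payroll-example.com",
]


def screen_registrations(domain, feed):
    """Return the feed entries that are look-alikes of `domain`, sorted for stable alerting."""
    candidates = typosquat_candidates(domain)
    return sorted(d for d in feed if d in candidates)


if __name__ == "__main__":
    for name, rtype, sev, added, removed in diff_records(BASELINE, OBSERVED):
        print(f"[{sev}] {name} {rtype}: +{added} -{removed}")
    for hit in screen_registrations("example.com", NEW_REGISTRATIONS):
        print(f"[lookalike] {hit}")
```

The baseline diff deliberately treats DMARC as unchanged here: the attacker in this constructed scenario left it alone, and the check reports only what actually moved. Generation-based screening misses look-alikes outside the candidate set (payroll-example.com is not flagged because "payroll" is not in the constructed affix list), so in practice the affix and homoglyph tables are extended from the organisation's own brand terms and from previously seen impersonation domains.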
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.