Web-domain provider GoDaddy has not fixed the security weakness that provoked a string of spam attacks in the last 18 months, according to a MyOnlineSecurity report. Victims received fake DHL shipping notice emails and AT&T fax alerts, which triggered ransomware called GandCrab. GoDaddy claims it has already taken care of the issue, but investigations at MyOnlineSecurity suggest that two weeks later, “it still isn’t fixed and the criminals are continuing to…[exploit the] security hole in GoDaddy DNS system,” with the attacks reportedly ongoing.
GoDaddy spokesperson Dan Race denied the possibility. “We do not believe it is possible for a person to hijack the DNS of one or more domains using the same tactics,” he said. “However, we are assessing if there are other methods that may be used to achieve the same results.”
Last year, attackers entered the system to allow anyone to add a domain to their GoDaddy account without ownership validation. This time, attackers utilized domains which supposedly had gone missing (or orphaned) during the initial sweep.