Go Daddy Pledges Better Security For All After Customers Hacked

Tom Brewster is TechWeek Europe’s Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Go Daddy tells TechWeekEurope it has some big plans for security improvements across the globe

Hosting giant Go Daddy is planning to expand two-factor authentication to UK users, and others around the globe, as it looks to boost security for its customers, TechWeekEurope has learned.

Plans to boost security, which also include use of more intelligence-driven models, have been in place for some time, but follow a series of potentially serious security incidents in recent months.

Last week, UK firm Sophos found Domain Name System (DNS) settings of Go Daddy customers had been tampered with, meaning that visitors to specially-crafted subdomains on Go Daddy-hosted sites were being redirected to pages serving up ransomware. The malware locked users out of their machines and demanded payment to unlock their systems.

Go Daddy goes for improved security

Go Daddy told TechWeekEurope today that around 200 of its customers had recently had their DNS records changed to point towards malicious domains, but this was not an aberration, nor was there a vulnerability in Go Daddy’s own infrastructure.

The firm believes a number of its customers were phished, or had their machines infected with the Cool exploit kit or Zeus malware, director of information security operations at the hosting firm, Scott Gerlach, said.

“We’ve been tracking this issue for a couple of months. There are a couple of hundred customers affected. It all comes down to good password management, making sure you’re not re-using passwords all over the place, picking strong passwords,” he said.

“I suspect this is part of a wider thing. It’s a really small percentage of our customers that are affected… I’m not really sure why we’re the fave.”

He suspected Go Daddy logins were being sold on the underground. “I have seen Zeus repositories or drop zones where Go Daddy passwords are being collected. Once we find that we password lock that and let the customer know.”

The company has now reversed the malicious DNS entries for customers and continues to do so as it finds them. It also forced victims to change their passwords. “This is not a vulnerability in the My Account or DNS management systems,” the firm said.

It is now in the process of bringing two-factor authentication, which was only available in US and Canada, to the international community, including Europe. As Gerlach noted, two-factor authentication would prevent the kinds of attacks reported this past week.

“[We will be opening two-factor authentication] in Europe, India where we have a large customer base and the Eastern Pacific region, and really for anyone who needs it,” Gerlach said.

More automated, intelligence-driven security is on the way too. “We look at logs all day and we are making intelligent decisions around what those logs mean and we’re really trying to write code around that. All this manpower we put into log analysis and security research turns into a piece of code that just runs and then we can go do something else.”

Go Daddy is also working on a feature to allow users to check historical login activity – something Sophos criticised the firm for not offering in the first place. Such a feature allows customers to check for unauthorised access.

The changes have been met with applause from Sophos’ Graham Cluley. “Sounds like a good positive step.  Let’s hope that they encourage the widespread adoption of two-factor authentication by their customers,” Cluley said.

“Fingers crossed that Go Daddy’s positive security steps will be seen by other online companies, who will also re-evaluate how well they are securing their own users and take similar action.”

In September, it was rumoured Go Daddy had been hacked, but the company said downtime was due to “a series of internal network events that corrupted router data tables”.

What do you know about Facebook? Try our quiz!