Future Tech

GoDaddy joins the dots and realizes it's been under attack for three years

Tan KW
Publish date: Mon, 20 Feb 2023, 11:08 AM

In brief: Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one of a series of linked incidents dating back to 2020.

The business took the unusual step of detailing the attacks in its Form 10-K - the formal annual report listed entities are required to file in the US.

The filing details a March 2020 attack that "compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts as well as the login credentials of a small number of our personnel" and a November 2021 breach of its hosted WordPress service.

The latest attack came in December 2022, when boffins detected "an unauthorized third party gained access to and installed malware on our cPanel hosting servers," the filing states. "The malware intermittently redirected random customer websites to malicious sites."

GoDaddy is unsure of the root cause of the incident, but believes it could be the result of "a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy."

"To date, these incidents as well as other cyber threats and attacks have not resulted in any material adverse impact to our business or operations," the filing states - showing enormous empathy for customers whose sites were redirected in the most recent attack, or impacted by the earlier incidents.

In a brief statement on the incident, GoDaddy hypothesized that the goal of the December 2022 attacks "is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities."

- Simon Sharwood

Moscow considers legalizing hacking - but only for the glory of Mother Russia

The Russian government is working on changes to its criminal code that would legalize hacking in the Federation - provided it's being done in the service of Russian interests, of course. 

According to Russian news service TASS, Alexander Khinshtein, head of the state Duma committee on information policy, wants exemptions from liability given to hackers, but aside from tossing the idea out to reporters he didn't have details to add. 

Still, Khinshtein argued, "I am firmly convinced that it is necessary to use any resources to effectively fight the enemy," adding that Russia needs to be able to respond adequately to any threat - and who better to help than a well-established army of hackers?

Russian-linked hacking groups such as Killnet, Cozy Bear, Vice Society and myriad others are notorious for the damage they have caused - or attempted - in attacks on the country's enemies, both in Ukraine and elsewhere.

Those groups may operate with a certain amount of impunity within Russia, but the law still isn't on their side, as TASS pointed out. Russian laws regarding cyber crimes are strict - if not always enforced - and exceptions are reportedly nonexistent. 

Two sets of laws pertain to hacking activity: Articles 272 and 273 of the Criminal Code of the Russian Federation, which cover illegal access and the creation, distribution and use of malicious computer software, respectively. 

Gaining illegal access and/or using malicious software, if it leads to "grave consequences or [the creation of] a threat," can earn a Russian up to seven years in prison, with lesser possible terms for less damage or acting independently of a group.

Adding exceptions for what TASS described as "white hat" operations in the interest of the Russian government would provide considerable leeway for state-sponsored hackers already doing so.

More alarming, however, is the encouragement it would give to green hats more likely to break a system than break into it, script kiddies in it for the lulz, and dark web turnkey crooks. There's no indication such a law is on the way to passage - Khinshtein said it still needed to be spoken about "in more detail" - but it might be a good idea to reinforce that security posture. Especially if you're in a critical industry.

Emergency declared in Oakland, CA after ransomware attack

Oakland, California declared a state of emergency on Valentine's Day - and not because there was too much love in the air. A week of work hasn't done a whole lot to clear up a ransomware attack that hit the city on February 8.

As we reported in last week's security roundup, the attack didn't take down 911 services, disrupt finances or worsen emergency response times, but the precaution of taking a good portion of the city's network offline to stop the attack has led to a slow recovery and left some non-emergency systems inaccessible.

"The network outage has impacted many non-emergency systems including our ability to collect payments, process reports, and issue permits and licenses," the city declared in an update on February 15, adding that residents should call before showing up at a city office in case it's closed. 

The Oakland government said that police and fire departments are still responding to emergency calls as usual, but that non-emergency requests should be made online or reported by a call to the local 311 non-emergency line. 

By declaring a state of emergency, Oakland has expedited its ability to procure equipment and materials to respond to the ransomware attack, as well as activating emergency workers and making it easier for leadership to issue orders. 

The Oakland city government said the attack investigation is ongoing, and law enforcement is investigating. The city hasn't said how the attack occurred, who was behind it or what sort of ransom demand was made.

 

https://www.theregister.com//2023/02/20/in_brief_security/
