Cyber Threat Alert

GoDaddy Hacked - Cyberattack!

The world’s largest domain registrar, GoDaddy, with 19 million customers, 77 million domains managed, and millions of websites hosted, appears to be vulnerable to cyberattacks.

By recent accounts, GoDaddy experienced a spear-phishing attack on an employee in March 2020 and a data breach in October 2019.

Unfortunately, GoDaddy’s customers risk having their personal information accessed and compromised by unauthorized users.

WHY THIS MATTERS

As part of a recent trend, savvy attackers are now targeting personnel at domain registrars.

This trend highlights how we need to remain vigilant about our online interactions, including the likelihood of spear-phishing emails.

Even when businesses and individuals follow cybersecurity best practices, a service provider employee can be a weak link in the chain.

When service providers are attacked, we are forced to reconsider our own login credentials and privacy and security protocols. If they are deficient, we reset and improve them.

DESCRIPTION

If we rely on external web hosting, we need to be aware of our vulnerability to cyberattacks and take precautions.

GoDaddy – Third-Party Hosting Provider

Password protection at our web hosting service provider is crucial. Best practices require a unique password – not one that you are using on every other device in your business (either in the office or at remote work from home).

Cyberattack One:

In March 2020, a spear-phishing attack on a GoDaddy employee succeeded, potentially impacting five other customer accounts as well. GoDaddy has not revealed the number of domains affected.

There is little that we can do to protect our accounts if someone at our domain name registrar gets phished. This reality is why strong cyber defenses need to be implemented not matter the size of your business.

KrebsonSecurity suggests some useful precautions (that you can control) to take on accounts with service providers:

  • Use 2-factor authentication, and require it to be used by all relevant users and subcontractors.
  • In cases where passwords are used, pick unique passwords and, consider password managers.
  • Review the security of existing accounts with registrars and other providers, and make sure you have multiple notifications in place when and if a domain you own is about to expire.
  • Use registration features like Registry Lock that can help protect domain name records from being changed.

Cyberattack Two:

In April 2020, GoDaddy discovered and revealed a data breach -- that occurred six months earlier in October 2019.

In a statement to its customers, GoDaddy explained they identified suspicious activity on a subset of their servers and investigated, finding an unauthorized individual had accessed customer login information. The information was used to connect the secure shell (SSH), to access remote computers on web hosting accounts.  

GoDaddy reported that it found no evidence that any files were added or modified. They did not confirm whether files could have been viewed, copied, or exfiltrated.

Initial reports indicate the incident appears to be limited in scope to approximately 28,000 web hosting accounts.

Main GoDaddy.com customer accounts, and the information stored there, were not accessed by the threat actor.

GoDaddy reset passwords and confirmed that it would provide impacted customers with a year of its website security and malware removal service for free.

TAKEAWAYS

  • A third-party hosting provider may expand your cyberattack surface.
  • Any business size, type, or location:
    • It can become a spear-phishing target – breaking the cybersecurity chain.
    • Needs to have privacy and security measures in place – as part of your due diligence.
    • Organizations need a stand-alone cyber insurance policy – to protect against residual cyber risk.

Cyber Insurance Solutions

Cyber insurance is your go-to option when you are looking to transfer some of your residual risk (that cannot be adequately mitigated):

  • Social engineering coverage, including employee education and risk mitigation services
  • Ransomware or cyber extortion coverage, including ransom payments and/or data recovery
  • Data breach coverage, including direct first-party losses and third-party liability and damages
  • Business interruption coverage, including loss of profits and extra expenses incurred during a shutdown of your computer network.
  • Employee training and educational tools to help prevent attacks and protect your network/data

SOURCES

https://krebsonsecurity.com/2020/03/phish-of-godaddy-employee-jeopardized-escrow-com-among-others/

https://www.bleepingcomputer.com/news/security/godaddy-notifies-users-of-breached-hosting-accounts/

https://www.zdnet.com/article/godaddy-reports-data-breach-involving-ssh-access-on-hosting-accounts/

https://oag.ca.gov/system/files/Customer%20Notification.pdf

https://www.techrepublic.com/article/godaddy-data-breach-shows-why-businesses-need-to-better-secure-their-customer-data/

This article is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney client relationship is formed or implied between you and the authors(s) or Cyber Armada Insurance.
Cyber Armada Team
Posted by Cyber Armada Team on May 8, 2020 8:29:50 AM
Application

Apply for Cyber Insurance Online

Answer a few questions online and Cyber Armada will design a cyber insurance policy tailored to your particular needs.

Apply Online
Apply for Cyber Insurance
Schedule an appointment with Cyber Armada
Appointment

Can we talk?

We're ready to talk when you are. You can schedule an appointment to speak with a representative from Cyber Armada when it is most convenient for you. Whenever possible we use online meetings to increase productivity and increase the amount of time we can spend with you. We use Zoom Meetings as our preferred video conferencing platform.

Schedule Appointment