Post by Craig Petronella
(republished with permission)
In 2021, the hacker hits keep coming!
With headlines awash in reports of bigger and more alarming hacking activity month after month, the latest comes from major domain registrar and web hosting company GoDaddy.
GoDaddy’s November 22 filing with the Securities and Exchange Commission [i] stated that the company detected the breach after noticing suspicious activity in its Managed WordPress hosting environment. The subsequent investigation determined that an unauthorized third party had used a compromised password to gain access to the provisioning system in the legacy code base for Managed WordPress beginning on September 6, 2021.
Though the hacker was blocked from GoDaddy’s systems when the intrusion was detected, the damage had already been done.
What Did the Attacker Have Access To?
According to the filing, the breach affects 1.2 million active and inactive Managed WordPress users. The information exposed includes:
- Email addresses and customer numbers. The exposure of this information could put users at greater risk for phishing attacks.
- The original WordPress admin password created when WordPress was first installed. This information could be used to access a customer’s WordPress server.
- Active customer data, including:
  - Their sFTP credentials, which are used for file transfers.
  - The username and password for their WordPress database, which stores all their content.
- For a smaller subset of active customers, their SSL (Secure Sockets Layer) private key. These credentials could allow a hacker to effectively impersonate a customer’s website or services.
The steps the company has taken to remediate the problem include:
- Resetting original WordPress admin passwords (if those credentials were still in use).
- Resetting passwords for sFTP and database access.
- Issuing and installing new SSL certificates for affected customers.
Affected By Data Breach?
Unfortunately, the scenario here is an all-too-familiar one. When a hacker infiltrates your system, they don’t just lock it up and demand a ransom anymore; their objective is to remain undetected for as long as possible.
In GoDaddy’s case, the unauthorized user had over two months of access to GoDaddy’s 20 million global customers before any red flags went up. It’s unclear if the company could have taken additional security measures (such as two-factor authentication) to prevent the initial access. One thing this hack highlights, though, is the importance of regular, ongoing security scans and monitoring, regardless of what cybersecurity measures you have in place.
Who knows how many more of GoDaddy’s clients might have been affected had they not performed the scan that finally spotted the suspicious activity?
What we do know is that if affected companies aren’t already working with cybersecurity professionals to safeguard their systems, there’s no time like the present to bring in a cybersecurity expert. Having a knowledgeable team scan a system will help businesses spot vulnerabilities and tell them with certainty whether or not their site is harboring malware or leaving a backdoor open for hackers.
Are You Prepared?
There’s a better time to hire a cybersecurity firm to examine your system than after a hack—and that’s before one has occurred.
It’s much easier and much less costly to make your business an unattractive prospect for hackers BEFORE they have launched a successful cybersecurity attack on your business. Always remember: HACKERS ARE LAZY!!! They are looking for an easy target. If you have a cybersecurity portfolio that is well-implemented, cybercriminals are much more likely to get fed up and look elsewhere for the low-hanging fruit. An ounce of prevention is worth a pound of cure.
Source: GoDaddy Hacked | WordPress | Risk Assessment (petronellatech.com)
About the Author
Craig A. Petronella is the CEO of Petronella Technology Group Inc, a cybersecurity group that specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of “How Hackers can Crush your Law Firm,” “Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For information about a cyber-crime risk assessment call: 1-877-468-2721.