GoDaddy Gets Pwned…. Again…. And This Time It’s Really Bad

GoDaddy is saying that it suffered a data breach in which unknown attackers stole source code and installed malware on its servers. GoDaddy discovered the breach in early December of 2022 following customer reports that their domains were being redirected, but apparently the attackers had access to the network for multiple years. Which of course is bad. Very bad.

What’s worse is that by my count, this is the third time that GoDaddy has been pwned. The first was in 2020, the next one was a year later, and now this one. If I were a GoDaddy customer, I’d be very concerned.

Brad Hong, Customer Success Lead at Horizon3ai had this to say:

   “Beyond all the buzzwords in the breach notification, at the core, the attackers didn’t “hack” their way into GoDaddy, but rather used known compromised credentials to log in and leave vectors for reentry.

   “Supply chain management has gotten immensely more complex as any company providing any service to any internet user, especially with the increasing use of infrastructures-as-a-service, is now a part of this often omitted evaluation. This includes web hosts like GoDaddy and WordPress and picking vendors based on their security efforts, usually out of expertise for the layman.

   “This supposed multi-year advanced persistent threat actor group remained undetected for so long following remediation and mitigation measures from GoDaddy’s numerous past data breach incidents. Was it that this APT Group was that skilled or that GoDaddy’s security is that bad?

   “The call for Federal-level legislation comes from a place of frustration from the consumer-level as virtually no persons are now untouched by data breaches and the pressure continues to build in an already whistling kettle of company apologies.

   “Companies collect, digest, and even sell our data as data custodians, right up until they lose it and with little incentive or punishment for improvement, or lack thereof, consumers are going to continue to see more incidents like this and the impact will only get worse.

   “As standard, GoDaddy pushed the onus for action right back to its consumers, advising them to audit their own websites and trust GoDaddy’s security team after trust was broken, all while offering them free “Website Security Deluxe and Express Malware Removal” services instead of fortifying their own kingdom time and time again. Maybe they should’ve used it themselves?

   “Every organization takes on the responsibility of serving as a protector of data when a person does business with them and as such should continuously be validating their security controls and tools through testing, from every perspective and blast radius, and ensure blue teams are not at max capacity just playing whack-a-mole but making valiant strides to future-proof the security stack.”

I think the message here is clear. If you’re a GoDaddy customer, I would strongly consider hosting with another provider. Clearly GoDaddy has security issues that they can’t fix, and they’re leaving it to their customers to keep themselves safe. Which is a #fail all day and every day.
