In the latest cybersecurity breach news, web hosting giant GoDaddy has revealed that malicious actors have been stealing its source code for several years. This article shares a look at the multi-year data breach campaign and describes how you can protect yourself if you use a hosting service.
Web hosting giant GoDaddy has reported that it was a victim of a cyber-attack where the hackers stole source code and placed malware on its servers. The threat actors breached its cPanel shared hosting environment in a multi-year attack.
The organization discovered the security breach in early December 2022 after customers reported that their sites were being maliciously used to redirect users to random domains. However, the attackers had multiple years of access to the organization’s network.
What Does GoDaddy Have to Say about the Multi-Year Breach?
GoDaddy released a statement highlighting all the details of the data breach that went on for years. In December 2022, GoDaddy received complaints from customers about their websites being intermittently redirected. Upon investigation, an unauthorized third party had gained access to servers in the organization’s cPanel shared hosting environment and installed malware, causing the intermittent redirection of customer websites.
After confirming the intrusion, GoDaddy implemented security measures to prevent future infections and is working with multiple law enforcement agencies and forensics experts to investigate the issue. The incident was carried out by a sophisticated and organized group targeting hosting services. They aimed to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.
How is GoDaddy Handling the Multi-Year Data Breach Campaign?
GoDaddy disclosed that previous breaches, particularly the ones that occurred in November 2021 and March 2020, are also linked to this multi-year campaign. Currently, the enterprise is collaborating with cybersecurity forensics experts and law enforcement agencies globally to determine the underlying reason for the security breach.
Furthermore, GoDaddy has discovered supplementary proof that connects malicious actors to a more extensive operation aimed at various hosting firms worldwide throughout the years. The breach poses a significant threat to the security and privacy of the more than 20 million customers GoDaddy serves worldwide.
GoDaddy is actively collecting evidence and information regarding the group's tactics and techniques to help law enforcement while enhancing the security of its systems to protect its customers and their data. As the investigation into this multi-year breach continues, GoDaddy customers are being warned to remain vigilant and take necessary precautions to protect their online assets.
The Data Breach at GoDaddy that Hit 1.2 Million WordPress Customers
Web hosting giant GoDaddy revealed that up to 1.2 million customers had their data exposed in a data breach. The breach was discovered on 17 November 2021 after the organization identified suspicious activity in its Managed WordPress hosting environment.
GoDaddy’s CISO (Chief Information Security Officer), Demetrius Comes, said that an unauthorized third party had accessed the provisioning system using a compromised password.
The organization said the attackers had accessed its network and the breached systems since at least 6 September 2021. As a result of the breach, nearly 1.2 million active and inactive Managed WordPress customers had their email addresses and customer numbers exposed.
For active customers, their SFTP (Secure File Transfer Protocol) and database usernames and passwords were also exposed. In addition, some active customers had their SSL (Secure Sockets Layer) private key exposed.
GoDaddy said it contacted all impacted customers directly with specific details and advised them to reset their passwords. However, this data breach was not the first time GoDaddy had experienced a security incident. In May 2021, the organization suffered another cyberattack and alerted some customers that an unauthorized party had used their web hosting account credentials to connect to their hosting account via SSH (Secure Shell).
How Severe is the GoDaddy Data Breach?
Experiencing a security breach does not necessarily indicate failure for a tech enterprise, as implementing effective phishing protection measures can help minimize such incidents’ impact. However, based on the available information, this breach may represent a significant challenge for GoDaddy to recover from in terms of public relations.
The fact that the breach covers multiple years and has left GoDaddy customers vulnerable to malware makes the situation even more concerning. The implications of this incident extend beyond GoDaddy, as the group responsible for the breach is focused on targeting hosting services more broadly.
A hosting service can be an attractive target for cybercriminals since compromising it provides a centralized location from which to access a vast array of websites. As a result, the actual target of the attack is the hosting service's customers, which is a concerning prospect for anyone who manages their own website.
The Need for a Proactive Approach Against Threat Actors
As evident from the GoDaddy multi-year data breach, threat actors can be in organizational systems undetected by using stealthy tactics such as leveraging zero-day vulnerabilities, disguising their activities as legitimate user behavior, and using social engineering techniques to gain access to sensitive data or systems.
Once they are in, threat actors can cause harm, such as stealing valuable information, disrupting critical systems, and spreading malware.
They may remain undetected for a long time, silently collecting data and biding their time until they can launch a devastating attack. This is especially damaging in the case of advanced persistent threats (APTs), where attackers may maintain a presence within the organization for months or even years, continually compromising systems and exfiltrating data.
Without proper detection and response mechanisms, threat actors can wreak havoc on organizational systems, leading to significant financial, reputational, and legal consequences. With such severe consequences, organizations must concentrate efforts and adopt proactive approaches to keep threat actors and data breaches at bay.
How to Protect Your Website if you are Using a Hosting Service?
If you choose to use a hosting service for your website, here are some steps you can take to help protect your site:
- Choose a Reputable Hosting Provider: Research and select a reputable hosting provider with a proven security and reliability track record. Look for hosting services that offer security features such as firewalls, SSL certificates, and regular backups.
- Keep Software Up to Date: Make sure you keep all software, including your Content Management System (CMS), up to date with the latest security patches and updates.
- Install Security Plugins: Install security plugins on your CMS to help protect your site from common security threats such as malware, brute force attacks, and spam.
- Use HTTPS: Use HTTPS encryption to secure communications between your website and its visitors, which helps protect your visitors’ data and improves your site’s ranking in search engines.
- Monitor your Site: Regularly monitor your site for suspicious activity, especially unauthorized access attempts or changes to your site’s code or content. Set up alerts to notify you of any suspicious activity.
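The last step above, monitoring for unauthorized changes to your site's code, is the one that would have surfaced the kind of injected redirect described in this article. The script below is an added example, not GoDaddy's tooling or anything from its statement: it records a SHA-256 baseline of every file under a site root, diffs a later snapshot against that baseline, and runs a small set of indicator patterns over the added or modified files. The site files, the pattern list, and the sample "injection" in `demo()` are all constructed for this example; a real deployment would store the baseline off-host (it is useless if the attacker can rewrite it) and tune the patterns to its own site.

```python
import hashlib
import json
import re
import tempfile
from pathlib import Path

# Indicators commonly seen in injected redirect or loader code.
# This list is constructed for the example and is not exhaustive.
SUSPICIOUS_PATTERNS = {
    "js-redirect": re.compile(r"window\.location(?:\.href)?\s*=", re.I),
    "php-eval-base64": re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I),
    "php-header-location": re.compile(r"header\s*\(\s*['\"]Location:", re.I),
}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large uploads do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_baseline(old: dict, new: dict) -> dict:
    """Report files that appeared, disappeared, or changed since the baseline."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def find_suspicious(text: str) -> list:
    """Return the names of every indicator pattern that matches the text."""
    return sorted(name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(text))


def scan_changed_files(root: Path, changes: dict) -> dict:
    """Only files that changed since the baseline need the pattern scan."""
    hits = {}
    for rel in changes["added"] + changes["modified"]:
        found = find_suspicious((root / rel).read_text(errors="replace"))
        if found:
            hits[rel] = found
    return hits


def demo() -> dict:
    """Build a tiny constructed site, baseline it, simulate tampering, and report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php echo 'Welcome'; ?>\n")
        (root / "wp-config.php").write_text("<?php define('DB_NAME', 'site'); ?>\n")
        # In practice this JSON would be written somewhere the web server cannot modify.
        baseline_json = json.dumps(build_baseline(root))

        # Constructed tampering: a redirect appended to a page and a dropped loader file.
        (root / "index.php").write_text(
            "<?php echo 'Welcome'; ?>\n"
            "<script>window.location.href='http://redirect.example';</script>\n")
        (root / "wp-content").mkdir()
        (root / "wp-content" / "cache.php").write_text(
            "<?php eval(base64_decode('aGVsbG8=')); ?>\n")  # decodes to 'hello'

        changes = diff_baseline(json.loads(baseline_json), build_baseline(root))
        return {"changes": changes, "hits": scan_changed_files(root, changes)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it directly and it prints the diff plus which changed files matched an indicator. The same two functions, `build_baseline` and `diff_baseline`, are all you need for a nightly cron job that alerts on any non-empty `modified` or `added` list; the pattern scan is a second, cheaper triage layer that tells you which changed files to look at first, not a substitute for reviewing the diff itself.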
The recent news of a security breach at GoDaddy is a stark reminder of the ongoing threat that cybercriminals pose to individuals and organizations. The fact that the breach appears to have occurred over an extended period and has compromised GoDaddy customers’ source code is particularly concerning.
While there is no foolproof way to prevent security breaches, being vigilant and taking appropriate measures can help reduce the risk of falling victim to cyberattacks. GoDaddy customers, in particular, should take note of this incident and take steps to secure their accounts and data.