What’s Going On?
GoDaddy reported the breach to the Securities and Exchange Commission (SEC) on November 17, revealing that suspicious activity in its managed WordPress hosting environment was observed on that date. According to the investigation, an unauthorised third party used a stolen password to gain access to the Managed WordPress environment on September 6 and remained there until November 17, nearly 70 days.
Email addresses and customer numbers linked to WordPress accounts; the original WordPress admin password set at account provisioning; SSH File Transfer Protocol (SFTP) and database usernames and passwords; and SSL private keys for a subset of active customers were all exposed in the breach, according to GoDaddy’s report.
Immediately upon the discovery of the compromise, GoDaddy reset all affected SFTP and database passwords, and is currently providing and installing new SSL certificates for those customers who were affected.
“Please accept our heartfelt apologies for the inconvenience this has caused our clients.” Our provisioning system will be strengthened with extra levels of protection as a result of our lessons learned from this occurrence, according to the statement.
Hackers Could Use Stolen Data in a Variety of Ways:
Customers of GoDaddy may suffer long-term effects as a result of the security compromise. There is a considerable risk of phishing attacks when email addresses are made public.
To gain control of WordPress sites, criminal hackers might exploit compromised passwords to implant malware or engage in identity theft and fraud operations.
They might even be able to extort money from the owner of a domain name by encrypting it with the stolen SSL key. Client-server communication might be intercepted, clients could be scammed, and corporate websites could be altered.
What Should Be Done by the Impacted Companies to Minimise the Damage?
Rapid incident response can save a company’s bacon in the event of a breach. Revocation and reissue of compromised digital certificates must be carried out immediately by companies affected by the breach. WordPress administrators should assume they have been compromised and should revoke and reissue all certificates to be on the safe side.
“It will take some time for GoDaddy to update all of the new SSL certificates.” For this reason, GoDaddy customers should verify that their certificates have been updated and change their SFTP access passwords to new and unique passwords made up of digits, letters, and symbols to mitigate current vulnerabilities.
“If you want to keep your certificates and keys secure, you need to have cryptographic agility,” explains Murali Palanisamy, the Chief Solutions Officer for AppViewX.
Using short-lived digital certificates, he says, will reduce the amount of time attackers have to abuse certificates in the event of a breach.
Short-lived certificates have a validity period of 90 days, which can be shortened further to 30 days if necessary, compared with the regular 1-year validity period of standard certificates. If the keys are stolen, attackers will have little time to devise and execute sophisticated assaults because of the short timescale.
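The two checks described above, that a certificate has actually been reissued and that it is short-lived, as an added Python example that is not code from GoDaddy or AppViewX. It works on the dictionary returned by Python's ssl getpeercert(); the host names, the sample certificates and the year 2021 in the cutoff date are constructed assumptions.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=90)  # short-lived validity period named in the article

def _ts(value):
    """Parse a getpeercert() time string, e.g. 'Nov 20 00:00:00 2021 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def assess(cert, discovered, now):
    """Return the findings for one getpeercert()-style dict."""
    not_before, not_after = _ts(cert["notBefore"]), _ts(cert["notAfter"])
    findings = []
    if not_before <= discovered:
        findings.append("not-reissued")  # issued before the breach was found
    if not_after - not_before > MAX_LIFETIME:
        findings.append("long-lived")    # longer exposure if the key is stolen
    if not_after <= now:
        findings.append("expired")
    return findings

def fetch(host, port=443):
    """Live lookup of the certificate a server presents (not used by the sample)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(inventory, discovered, now):
    """Map each host to its findings, keeping only hosts that need action."""
    report = {h: assess(c, discovered, now) for h, c in inventory.items()}
    return {h: f for h, f in report.items() if f}

# Constructed sample inventory: hypothetical hosts, made-up validity dates.
SAMPLE = {
    "old.example":     {"notBefore": "Mar 10 00:00:00 2021 GMT", "notAfter": "Mar 10 00:00:00 2022 GMT"},
    "renewed.example": {"notBefore": "Nov 20 00:00:00 2021 GMT", "notAfter": "Nov 20 00:00:00 2022 GMT"},
    "short.example":   {"notBefore": "Nov 20 00:00:00 2021 GMT", "notAfter": "Feb 18 00:00:00 2022 GMT"},
}
DISCOVERED = datetime(2021, 11, 17, tzinfo=timezone.utc)  # year is an assumption

if __name__ == "__main__":
    now = datetime(2021, 12, 1, tzinfo=timezone.utc)
    for host, findings in audit(SAMPLE, DISCOVERED, now).items():
        print(host, ", ".join(findings))
```

An issue date after the discovery date shows that a certificate was reissued, not that its key pair changed, so the public key should also be compared against the old certificate.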
One of the most essential takeaways from the GoDaddy hack is the value and necessity of automating Certificate Lifecycle Management (CLM). Today’s internet security relies heavily on digital certificates, which serve as identifiers. Data breaches can be prevented if they are managed and protected effectively.
PKI teams can quickly and easily revoke and reissue hundreds of thousands of certificates using an automated CLM system. When this process is done manually, by contrast, hackers have more time to exploit a compromised certificate.
Automated CLM systems also provide enterprises with crypto-agility, a critical capability that helps them switch quickly from weak to safer crypto standards in the case of a break-in, limiting the damage caused by the breach.
Automated solutions can also be used to develop and implement stringent security policies for certificates and keys, as well as establish role-based access control for the most secure environment possible.
To help companies become more proactive in their approach to corporate security, CLM automation combines the best of operational comfort and security.
Onward and Upward
More than 20 million people use GoDaddy’s services worldwide. The loss of client confidence will be the most costly consequence of GoDaddy’s data leak, given that customers are becoming increasingly cyber-aware and making security-conscious choices.
Identity-based assaults have been steadily increasing in recent months, and the theft of the SSL key is one of the most recent examples. Millions of businesses around the world use SSL certificates to safeguard their digital operations on the internet.
Digital identities are as important as human ones and must be protected as a key concern for enterprises. Using an automated tool can allow you to accomplish more with fewer resources.
Investing in an end-to-end automation solution will provide significant insight into the certificate and encryption key infrastructure, which will help prevent certificate-related events.