Hackers have managed to steal GoDaddy’s source code and customer data in a multi-year data breach that went unnoticed from 2020 to 2022, the company has confirmed. The firm is one of the largest domain registrars and hosting providers in the market. The incident compromised the web hosting accounts of 28,000 customers and resulted in the theft of source code.
Following the news of the multi-year security breach suffered by the website hosting giant, a number of other websites may share the same vulnerabilities. The incident exposes some weaknesses in the technology sector.
Considering these issues for Digital Journal is Kevin Kirkwood, Deputy CISO at LogRhythm.
According to Kirkwood the impact of the data breach runs deep: “It is apparent that GoDaddy did not do a deeper dive through their environments after the first breach, or even the second incident (where 1.2 million WordPress accounts were compromised). After the third incident, where webpages were actually redirected, GoDaddy finally reached the realization that they had bigger problems.”
Kirkwood explains how the incident has developed into something more troubling than first realised: “In the initial incident, the attacker gave themselves back doors to the environment that they had access to, were able to traverse to other environments, sprayed additional malware, and even got to the point where they were able to access and insert malicious code into the source code of the core applications of GoDaddy.”
Kirkwood notes that the issue has been resolved, though he is critical of the approach taken: “The journey is ending where they should have started—the company should have done their due diligence by doing a full forensic analysis after the first incident.”
In terms of best practices, Kirkwood recommends: “When a company experiences a cyber incident, some basic blocking and tackling can be put in place to help discover illicit activity.”
In terms of what should happen, Kirkwood states: “A security information and event management (SIEM) is a starting point for ensuring that folks have the ability to collect, analyze and build alerts off of the logs from their existing environments.”
A SIEM, as IBM defines the concept, is a solution that helps organizations detect, analyze and process security threats, and respond to them appropriately before they harm business operations.
Following this, Kirkwood recommends: “Taking that to the next level, everyone should have a version of User Entity Behavior Analysis (UEBA) and a Network Detection and Response (NDR) tool.”
Kirkwood adds: “Tying the information from logs, the data coming in about users and devices from the UEBA and corresponding data from the NDR sets the stage for avoidance.”
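To make the three layers Kirkwood describes concrete, here is an added example of a miniature SIEM-style pipeline (illustrative code written for this article, not GoDaddy's or LogRhythm's): it parses log lines, learns a per-user behaviour baseline in the UEBA sense (which hosts and hours each user normally logs in from), and correlates anomalous logins with network flow records in the NDR sense (a large outbound transfer from the same host shortly after the login). All hostnames, usernames, addresses, the log format and the internal address range are constructed for the example.

```python
"""
Added example: a toy SIEM that ties together auth logs (collection and
alerting), a UEBA-style baseline and NDR-style flow records. Every host,
user, address and log line below is invented for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed "historic" auth events, used only to learn what is normal per user.
BASELINE_LOGS = [
    "2022-10-03T09:12:00Z host=web-01 user=alice event=login src=10.0.1.20 status=success",
    "2022-10-04T10:02:00Z host=web-01 user=alice event=login src=10.0.1.20 status=success",
    "2022-10-05T08:45:00Z host=web-02 user=alice event=login src=10.0.1.20 status=success",
    "2022-10-03T14:30:00Z host=db-01 user=bob event=login src=10.0.1.31 status=success",
]

# Constructed events under investigation: one normal login, one that is not.
AUTH_LOGS = [
    "2022-11-01T09:30:00Z host=web-01 user=alice event=login src=10.0.1.20 status=success",
    "2022-11-01T02:14:00Z host=build-07 user=alice event=login src=10.0.9.9 status=success",
]

# Constructed NDR-style flow records: which host sent how much to which destination.
FLOW_LOGS = [
    "2022-11-01T02:16:30Z host=build-07 dst=203.0.113.45 dport=443 bytes_out=52428800",
    "2022-11-01T09:31:00Z host=web-01 dst=10.0.1.5 dport=5432 bytes_out=2048",
]

# Assumed internal address space for the fictional organisation.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]


def parse_line(line):
    """Parse 'TIMESTAMP key=value ...' into a dict; the timestamp lands under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def is_internal(addr):
    """True when the destination falls inside the assumed internal ranges."""
    return any(ip_address(addr) in net for net in INTERNAL_NETS)


def build_baseline(lines):
    """UEBA-style baseline: the hosts and login hours each user has used before."""
    hosts, hours = defaultdict(set), defaultdict(set)
    for rec in map(parse_line, lines):
        if rec.get("event") == "login" and rec.get("status") == "success":
            hosts[rec["user"]].add(rec["host"])
            hours[rec["user"]].add(rec["ts"].hour)
    return hosts, hours


def analyze(auth_lines, flow_lines, baseline_lines,
            window=timedelta(minutes=10), exfil_bytes=10 * 1024 * 1024):
    """Return one alert per anomalous login. A login is anomalous when the user
    has never used that host or that hour; it is escalated to 'high' when the
    same host then moves a large volume to an external destination within
    `window` (the NDR correlation)."""
    hosts, hours = build_baseline(baseline_lines)
    flows = [parse_line(line) for line in flow_lines]
    alerts = []
    for rec in map(parse_line, auth_lines):
        if rec.get("event") != "login" or rec.get("status") != "success":
            continue
        reasons = []
        if rec["host"] not in hosts[rec["user"]]:
            reasons.append("new host")
        if rec["ts"].hour not in hours[rec["user"]]:
            reasons.append("unusual hour")
        if not reasons:
            continue  # matches the user's baseline; nothing to raise
        for fl in flows:
            if (fl["host"] == rec["host"]
                    and rec["ts"] <= fl["ts"] <= rec["ts"] + window
                    and not is_internal(fl["dst"])
                    and int(fl["bytes_out"]) >= exfil_bytes):
                reasons.append(f"large outbound transfer to {fl['dst']}")
        severity = "high" if len(reasons) >= 3 else "medium"
        alerts.append({"user": rec["user"], "host": rec["host"],
                       "ts": rec["ts"].isoformat(), "severity": severity,
                       "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in analyze(AUTH_LOGS, FLOW_LOGS, BASELINE_LOGS):
        print(alert)
```

Run as written, the first login (alice on web-01 at 09:30) matches her baseline and produces nothing, while the second (alice on build-07 at 02:14, followed two minutes later by roughly 50 MB sent from build-07 to an external address) produces a single high-severity alert with three reasons. The point of the design is the one Kirkwood makes: the login log alone, the behaviour baseline alone, or the flow record alone would each be a weak signal, and it is their correlation that turns them into an alert worth acting on.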