It looks like the onslaught of cyberattacks will never end.
This time, we have the web hosting behemoth GoDaddy reporting a data breach on its managed WordPress hosting service that has impacted over 1.2 million of its active and inactive customers.
In its statement filed with the U.S. Securities and Exchange Commission, GoDaddy revealed that the breach was discovered on November 17, when suspicious activity was detected in its Managed WordPress hosting environment. An investigation showed that an unauthorized third party had gained access to the Managed WordPress environment on September 6 using a compromised password and remained in the environment until November 17, a dwell time of roughly 70 days.
GoDaddy reported that the breach exposed email addresses and customer numbers linked to the WordPress accounts; the original WordPress admin password set at the time of account provisioning; SSH File Transfer Protocol (SFTP) and database usernames and passwords; and SSL private keys for a subset of active customers.
GoDaddy said that soon after the investigation revealed a breach, the company reset all affected SFTP and database passwords and is now in the process of issuing and installing new SSL certificates for the affected customers.
“We are sincerely sorry for this incident and the concern it causes for our customers. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” read the statement.
What could attackers do with the stolen information?
The breach at GoDaddy can have far-reaching consequences for its impacted customers. The exposure of email addresses puts users at a high risk of phishing attacks. Attackers can use the compromised passwords to take control of WordPress sites, inject malware, or carry out identity theft and fraudulent transactions. They could also potentially use the stolen SSL keys to hijack a domain name and hold it for ransom. With the private keys, they could intercept client-server communication, scam customers, and make changes to the corporate websites.
What should affected companies do to contain the consequences of the attack?
In the event of a data breach, swift incident response can be a lifesaver. Companies affected by the breach must immediately revoke the compromised digital certificates and reissue new ones with freshly generated SSL keys; a certificate reissued for the same leaked key does not close the exposure. To be safe, all Managed WordPress users must assume they have been breached and make sure they revoke and reissue all certificates.
“While GoDaddy is working to update all the new SSL certificates, it will take time to accomplish this. As such, to mitigate current vulnerabilities, customers of GoDaddy need to check that the certificates are updated and change the passwords for SFTP access to new and unique numbers, letters and symbols. I’d also recommend incorporating a cryptographic agility capability, which will enable a quick rollover of certifications and keys,” advises Murali Palanisamy, Chief Solutions Officer for AppViewX.
He also urges organizations to consider switching to short-lived digital certificates to limit the time attackers have to misuse certificates in the event of a breach. Unlike typical certificates with a one-year validity, short-lived certificates are valid for 90 days, which can be reduced further to 30 days if needed. This way, even if the keys are compromised, the short timeframe restricts attackers' ability to design and carry out sophisticated attacks.
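The two controls recommended above, reissuing with a freshly generated key and capping certificate lifetime, can both be checked mechanically when a replacement certificate comes back from the CA. The following is an added example written for this post, not GoDaddy's or AppViewX's code: it compares the SubjectPublicKeyInfo hash of the old and new certificate to catch a reissue that reuses the compromised key pair, and flags any validity longer than 90 days. The sample certificates are self-signed P-256 certificates constructed in the code; `maxValidity`, `keyID`, `checkReissue`, `newKey` and `selfSigned` are names chosen here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"math/big"
	"time"
)

// maxValidity is the short-lived ceiling recommended above (90 days).
const maxValidity = 90 * 24 * time.Hour

// keyID hashes the SubjectPublicKeyInfo: equal IDs mean the same key pair.
func keyID(c *x509.Certificate) [32]byte {
	return sha256.Sum256(c.RawSubjectPublicKeyInfo)
}

// checkReissue audits a replacement certificate issued after a key compromise:
// it must carry a freshly generated key pair, and its lifetime must be short.
func checkReissue(compromised, replacement *x509.Certificate) []string {
	var findings []string
	if keyID(compromised) == keyID(replacement) {
		findings = append(findings, "replacement reuses the compromised key pair")
	}
	if replacement.NotAfter.Sub(replacement.NotBefore) > maxValidity {
		findings = append(findings, "validity exceeds the 90-day ceiling")
	}
	return findings
}

// newKey generates a throwaway P-256 key for the constructed sample certificates.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	return k
}

// selfSigned builds a constructed sample certificate for key, valid for days from now.
func selfSigned(key *ecdsa.PrivateKey, days int) *x509.Certificate {
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now,
		NotAfter: now.Add(time.Duration(days) * 24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der) // DER we just produced; cannot fail
	return cert
}
```

In a real rollover the old certificate comes from the server or inventory and the replacement from the CA response; the same two checks apply unchanged.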
While GoDaddy’s breach imparts many lessons, one of the big takeaways has to be just how important and useful it is to automate Certificate Lifecycle Management (CLM). Digital certificates are identities that lie at the heart of internet security today. Managing them efficiently and protecting them is key to preventing data breaches.
An automated CLM solution allows public key infrastructure (PKI) teams to revoke and reissue thousands of certificates with minimal human effort in a short span of time. Done manually, the same process can take much longer, giving attackers more time to exploit a compromised certificate.
Automated CLM solutions also equip organizations with crypto-agility, a critical capability that helps quickly switch from weak to safer crypto standards in the event of a break-in to minimize the damage. Organizations can also use advanced capabilities of automated solutions to define and enforce strict security policies for certificates and keys, and establish role-based access control for maximum security. CLM automation marries the best of operational convenience and security to help organizations become more proactive in their approach to enterprise security.
GoDaddy has a mammoth customer base of over 20 million worldwide. As users today are growing more cyber-aware and making security-conscious choices, the data breach at GoDaddy will surely cost the company a hefty price, with the loss of customer trust the most expensive of all.
The SSL key theft in particular is one of a string of recent security incidents that call attention to the steady surge in identity-based attacks. SSL certificates are used by millions of organizations worldwide to protect their digital businesses online.
Protecting these digital identities is as critical as protecting human identities and must become a top security priority for organizations. An automation tool can help you achieve far more with limited resources. Investing in an end-to-end automation solution will provide extensive visibility into the certificate and encryption key infrastructure and help prevent certificate-related incidents.