Earlier this week, the world’s largest domain registrar, GoDaddy, announced that they had become a victim of a data breach that had occurred in October 2019. According to the official notice, the SSH credentials of nearly 28,000 users had been affected, though no serious damage was done. GoDaddy has registered a data breach notice with the California Attorney General, and revealed that the breach was discovered on the 23rd of April, 2020.
Let’s take a closer look at what really happened.
According to GoDaddy, an unauthorized individual had bypassed their security systems and gained access to SSH login credentials hosted on GoDaddy’s servers. Eventually, suspicious activity was detected, alerting authorities to the breach. GoDaddy has notified its users that all the exposed usernames and passwords were immediately reset, and the unauthorized party was blocked. The official notice also notes that there was no evidence that any files had been added or modified as a result of the breach. GoDaddy has promised to enhance their security measures to prevent such an incident from happening again, and will be providing affected customers with one year of premium security services free of charge. It is also important to note that none of the main accounts were affected by this breach – all the impacted accounts were hosting accounts.
This incident highlights a critical threat vector that is often overlooked in security infrastructures – SSH keys. SSH (Secure Shell) is used to remotely access network resources and to automate server access across an organization. SSH keys themselves are quite resilient against cyber exploits, due to the way the protocol works. However, they require constant monitoring and rotation to ensure that the keys are not compromised. Many organizations lack well-defined management processes for SSH keys, which are created and used on an ad-hoc basis and then discarded. Discarded keys that are still authorized on the server could then be used by malicious actors to compromise the security of the network infrastructure.
In a day and age where attack vectors are growing more advanced by the minute, security and IT teams should ensure that they leverage robust cryptographic management techniques and follow industry best practices to protect their SSH keys. By gaining complete visibility into their PKI, constantly rotating SSH credentials, enforcing audit and policy, and automating the management of their Secure Shell assets, teams can ensure that their SSH keys are sufficiently protected. Even in the event of a large-scale compromise, like what happened to GoDaddy, such teams are prepared to spring into action and rapidly take remedial measures before an official solution is implemented.
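One concrete form of the visibility and audit described above is checking every key authorized on a server against a key inventory. The following is an added example, not code from the original post or from GoDaddy: it parses OpenSSH authorized_keys entries (including the options field), computes each key's SHA256 fingerprint, and flags keys that are not inventoried, carry no from= source restriction, or have no owner comment. The key blobs and file content are constructed for the example and are not real keys.

```python
import base64
import hashlib

def fingerprint(b64_blob):  # OpenSSH-style SHA256 fingerprint of a base64 key blob, '=' padding stripped
    return "SHA256:" + base64.b64encode(hashlib.sha256(base64.b64decode(b64_blob)).digest()).decode().rstrip("=")

def split_outside_quotes(text, is_sep, maxsplit=-1):  # split on separators that are not inside "..."
    parts, buf, quoted = [], [], False
    for ch in text:
        quoted ^= ch == '"'
        if is_sep(ch) and not quoted and (maxsplit < 0 or len(parts) < maxsplit):
            parts, buf = parts + ["".join(buf)], []
        else:
            buf.append(ch)
    return parts + ["".join(buf)]

def parse_entry(line):  # one authorized_keys line -> dict of fields, or None for blank and comment lines
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = []
    if not line.startswith(("ssh-", "ecdsa-sha2-", "sk-")):  # an options field precedes the key type
        opt_field, line = split_outside_quotes(line, str.isspace, 1)
        options = [o.split("=", 1)[0] for o in split_outside_quotes(opt_field, lambda c: c == ",")]
    fields = line.split(None, 2)  # key type, base64 blob, optional comment
    return {"type": fields[0], "fingerprint": fingerprint(fields[1]), "options": options,
            "comment": fields[2] if len(fields) == 3 else ""}

def audit(text, approved):  # (line number, fingerprint, reasons) for every entry failing a hygiene check
    findings = []
    for lineno, entry in [(n, e) for n, raw in enumerate(text.splitlines(), 1) if (e := parse_entry(raw))]:
        checks = [(entry["fingerprint"] not in approved, "not in key inventory"),
                  ("from" not in entry["options"], "no from= source restriction"),
                  (not entry["comment"], "no owner comment")]
        reasons = [msg for failed, msg in checks if failed]
        if reasons:
            findings.append((lineno, entry["fingerprint"], reasons))
    return findings

def ed25519_blob(raw32):  # constructed ssh-ed25519 blob (RFC 8709 wire format); raw32 is NOT a real key
    return base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in (b"ssh-ed25519", raw32))).decode()

KEY_A, KEY_B, KEY_C = (ed25519_blob(bytes([i]) * 32) for i in (1, 2, 3))
SAMPLE = "\n".join([  # constructed authorized_keys content
    'from="10.0.0.0/8",no-pty,command="/usr/bin/backup" ssh-ed25519 ' + KEY_A + " backup@builder",
    "ssh-ed25519 " + KEY_B + " alice@laptop",
    "ssh-ed25519 " + KEY_C,  # ad-hoc key: no owner comment, never inventoried
])
APPROVED = {fingerprint(KEY_A), fingerprint(KEY_B)}  # inventory of keys with a known owner and rotation date
```

Run against the constructed file, `audit(SAMPLE, APPROVED)` reports the unrestricted second key and the orphaned third key; on a real host the same function can be pointed at each account's authorized_keys file and the inventory your team maintains.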