CyberCube: GoDaddy attack a systemic cyber warning

A Single Point of Failure (SPoF) cyber-attack such as the one currently affecting web-hosting firm GoDaddy represents one of the most likely ways the world could experience its first systemic cyber event, leading cyber analytics expert CyberCube said today.

The GoDaddy breach is the latest in a series of cyber-attacks on SPoFs including the SolarWinds attack of 2020 and, more recently, an attack on Microsoft Exchange servers.

The potential for one of these attacks to have systemic consequences triggering catastrophic losses for cyber insurers is increasing, said CyberCube.

GoDaddy took action and forced the threat actor out of the company’s network, but not before 1.2 million GoDaddy customers’ login credentials were stolen, putting those accounts at high risk of being targeted in business email scams and phishing campaigns.

CyberCube, which creates cyber risk models for the global insurance industry, warned insurers and reinsurers that the breach should prompt a review of their understanding of their SPoF exposures, especially organizations like GoDaddy that are considered to be part of the “backbone of the global public internet”.

William Altman, cyber security consultant with CyberCube, said: “This event is yet another wake-up call to (re)insurers that large-scale cyber loss events that impact tens of thousands of companies and millions of users at the same time are increasingly possible.

“Data breaches at internet-enabling SPoFs such as web-hosting providers, email services providers, certificate authorities, and domain registrars like GoDaddy can lead to the mass theft of login credentials and email addresses. This in turn puts the subjects of the stolen data at greater risk of being targeted in other attacks. In the worst-case scenario, threat actors could target all of the stolen email addresses obtained from GoDaddy with targeted malware-laden phishing emails.”

Darren Thomson, head of cyber security strategy for CyberCube added: “Cyber underwriters should look to GoDaddy as a warning for the types of high-risk cyber security signals to look out for when deciding on whether or not to underwrite an account. CyberCube’s single risk cyber underwriting solution, Account Manager, flagged a high risk of ‘Exposed Credentials’ for GoDaddy prior to this latest breach. GoDaddy was observed as having over 270 different exposed records in the last 60 days including email addresses, combinations of passwords and emails that can be used to login to the company’s network.”

GoDaddy is one of several leading domain registrars that also offers website and email hosting, among other products and services. In particular, GoDaddy offers the ability to host WordPress websites on its servers.

Follow us on twitter: @risksEmerging

BEWARE! Amazon scam emails up 500%😲
Protect Yourself! ->> https://redfox.ntrigo.com

#infosec #cybersecurity #100DaysOfCode #womenintech #javascript #Python #nodejs #opensource #Pune #indiedev #globalhealth #Flutter #SocEnt #osint @BlazedRTs #twitch #java
https://bit.ly/3A6U7I3

AI Security: How Human Bias Limits Artificial Intelligence http://ibm.co/2RIOQEB #ArtificialIntelligence #Security #DDoS #MachineLearning #DataScience #CyberSecurity #Data #Humanbias #Network #technology #QAcycle

Only 1 week left! #EUHaveYourSay to help us further develop and fine-tune the initiative "Digitalising the energy ⚡️ sector".
The public consultation closes next Monday 24 January at 🕛midnight (CET) ➡️ https://europa.eu/!7qG9gv #energysystem #digitalisation #cybersecurity

Buying your groceries online could leave you missing key information, study says https://cnn.it/3Kq6ILj

Infographic: The Future of Artificial Intelligence

#metaverse #technology #tech #future #innovation #MachineLearning #IIoT #DevOps #DataScience #coding #programming #ai #100DaysOfCode #developer #robot #ML #DL #ArtificialIntelligence #infosec #cybersecurity

#LSO should consider dual process method in new #cybersecurity authentication rules: #Vaultie https://www.canadianlawyermag.com/resources/legal-education/lso-should-consider-dual-process-method-in-new-cybersecurity-authentication-rules-vaultie/363224#.YeZy7OWvN50.twitter

Happy Thursday, Everybody! 👋😃

There is still time if you have not answered this week's cyber-related question. Click below and let us know! 👇😉

This week, we want to know more about your company's approach to #cybersecurity #awareness #training. 🎓🧑‍💻

#poll #infosec #vote https://twitter.com/IYS_GmbH/status/1483006379480825857

Increase Your Skills@IYS_GmbH

Good morning Twitter! We hope you all had a cyber secure weekend. 😁👍

Q: How does your company handle its cybersecurity awareness training? 👨‍💻🎓

#Poll #Cybersecurity #Infosec #Awareness #Training #AskTwitter

How do you secure employee smartphones and tablets given today’s expanded attack surface? That's a question we often hear. That's why we decided to answer it in our recent article. https://bit.ly/3A9Fbrc #cybersecurity #mobilesecurity

Load More...
SHARE: