Comment from Thycotic: GoDaddy breach
Following the news around the GoDaddy breach, Joseph Carson, chief Security Scientist at Thycotic offers the following comment:
“The latest data breach at GoDaddy should be a major concern for all of its customers. Unauthorized access using SSH accounts should not occur if the company was using security best practices such as multifactor authentication or privileged access management for accounts that allow remote access.
It is not clear on what GoDaddy meant by none of its “main customers” were affected as this translates to me as ‘important’ customers were not affected but ‘not so important’ customers could have been affected.
The response from GoDaddy is ambiguous and does not provide confidence on them having a strong Incident Response plan, though I do hope over time that opinion will be changed. A data breach such as this on a large hosting provider is a major issue as it could unlock the doors to many of their customers businesses via unauthorized configuration changes to their websites. Or even worse, allow the cybercriminal to make modifications to web services that could steal data, credit card information or account passwords.
It’s ironic that any customers who are victims of this unauthorized access will in return get free security services from GoDaddy. This is another strong reminder that both remote access and privileged access should have strong security controls in place that reduces the risks from unauthorized access even occurring such as MFA and Privileged Access Security.”