The recent cyber attack on web domain registrar and web hosting company GoDaddy serves as yet another “wake-up call” to the insurance and reinsurance industry, according to cyber analytics firm CyberCube.
The incident, which was discovered on 17 November 2021, was a single point of failure (SPoF) cyber attack that saw 1.2 million active and inactive WordPress customers have their email addresses and customer numbers exposed.
The criminal third party also gained access to the WordPress admin password for these accounts, as well as usernames and passwords for active customers. For a “subset of active customers”, the secure sockets layer (SSL) private key was also leaked.
A SPoF is a flaw in the design, configuration, or implementation of a system, circuit, or component that poses a potential risk because one part of the system could cause the whole thing to stop working.
William Altman, cyber security consultant at CyberCube, said: “This event is yet another wake-up call to (re)insurers that large scale cyber loss events that affect tens of thousands of companies and tens of millions of users at the same time are increasingly possible.
“Data breaches at internet enabling SPoFs, such as web hosting providers, email services providers, certificate authorities and domain registrars like GoDaddy, can lead to the mass theft of login credentials and email addresses.
“This in turn puts the subjects of the stolen data at greater risk of being targeted in other attacks. In the worst case scenario, threat actors could target all of the stolen email addresses obtained from GoDaddy with targeted malware-laden phishing emails.”
The GoDaddy breach is the latest in a series of cyber attacks targeting SPoFs. Other examples include the SolarWinds attack in December 2020 and, more recently, a wave of attacks on Microsoft Exchange servers between January and March this year.
The potential for one of these attacks to have systemic consequences triggering catastrophic losses for cyber insurers is rising, said CyberCube.
Attacking the ‘backbone of global public internet’
Following its infiltration, GoDaddy took action and forced the threat actor out of its network.
CyberCube, which creates cyber risk models for the global insurance industry, warned insurers and reinsurers that this latest breach should prompt a review of their understanding of SPoF exposures, especially regarding organisations like GoDaddy, which are considered to be part of the “backbone of the global public internet”.
Darren Thomson, head of cyber security strategy at CyberCube, added: “Cyber underwriters should look to GoDaddy as a warning for the types of high risk cyber security indicators to look out for when deciding on whether or not to underwrite an account.
“CyberCube’s single risk cyber underwriting solution, Account Manager, flagged a high risk of ‘exposed credentials’ for GoDaddy prior to this latest breach. GoDaddy was observed as having over 270 different exposed records in the last 60 days, including email addresses, combinations of passwords and emails that can be used to log in to the company’s network.”
Insurance Times has contacted GoDaddy for further comment.