BACKGROUND:
It has been reported internet infrastructure company GoDaddy has admitted that a hacker gained access to the personal information of more than 1.2 million customers of its WordPress hosting service. In documents filed with the US Securities and Exchange Commission earlier today, GoDaddy said it discovered the breach last week, on November 17, after noticing “suspicious activity” on its Managed WordPress hosting environment. The subsequent investigation found that a hacker had access to its servers for more than two months, since at least September 6.
<p dir=\"ltr\">Reports of hackers gaining access to web hosting companies such as this is troubling, given the amount of data such businesses hold and the ramifications if it falls into the wrong hands. </p>
<p dir=\"ltr\">Organisations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. It\’s vital to control privileged access and to monitor those that enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible, is a vital defence where user credentials find their way into the public domain. This will help to limit the blast radius, and in most cases, defeat the data breach.</p>
<p dir=\"ltr\">Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers it is crucial to strengthen all processes relating to access verification. Without a zero trust approach organisations run the risk of attackers having a free reign across a network once they are inside.</p>
<p>With many internet users holding dozens of online accounts across various services, it has become more difficult for them to memorize numerous, complex passwords. Unfortunately, password reuse has become a common malpractice that increases the chances of account hijacking when one set of a user’s credentials are leaked. More than 80% of hacking-related breaches are tied to lost or stolen credentials and it is now self-evident that passwords alone are not enough when it comes to authenticating users.</p>
<p>Consumers and businesses must work together to ensure the privacy of corporate and personal data. To properly verify the identities of their employees and customers, companies must enhance their security protocols by establishing continuous, context-based security throughout the entire login experience. Solutions like multi-factor authentication (MFA) and single sign-on (SSO) don’t require users to remember countless passwords, while also mitigating the risk of account compromise. On a consumer level, users can safeguard their digital identity by educating themselves on the risks of password reuse, following cybersecurity best practices, and staying informed on rising threats. Because we now live in a time when our daily lives revolve around the internet and our various accounts therein, identity management awareness has never been more critical.</p>
<p>We can\’t express enough the importance of strong password security standards and good hygiene. Even with these in place, however, breaches can still happen. When organizations provide third parties with data or access to production systems, their security is no longer within their control. It is critical for companies to regularly monitor outside their immediate perimeter and identify exposed credentials well before they are leveraged by hackers and lead to data breaches like this.</p>
<p>One of the biggest concerns following any password breach is the threat of additional Account Takeovers (ATOs) on other sites due to password reuse. Cybercriminals leverage these types of data breaches for financial gain by selling the stolen credentials on the Dark Web. These stolen credentials are then used for credential stuffing and ATO attacks, which can steal value, whether that is in the form of gift cards, credit card numbers, loyalty points, or false purchases. ATO attacks are a major threat to any business and all of this just creates more fuel to feed the ATO attack fire.</p>
<p>It is much simpler and more lucrative to walk in through the front door of a digital business with valid stolen credentials than to look for holes in an organization\’s cybersecurity defenses. PerimeterX research found that 75-85% of all login attempts in the second half of 2020 were account takeover attempts.</p>
<p>Organizations need to be aware of signs that they\’ve been attacked. These can include surges in help desk calls, spikes in password resets and inhuman user behaviors, such as thousands of login attempts on an account in a short time period and then take the appropriate action to block these attacks. And on the flip-side, consumers need to ensure they are using varied and robust passwords across different websites and applications and lock down their credit reports as well. A <a href=\"https://www.perimeterx.com/resources/blog/2021/best-offense-is-a-layered-defense/ifpossible\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.perimeterx.com/resources/blog/2021/best-offense-is-a-layered-defense/20if20possible&source=gmail&ust=1637843841551000&usg=AOvVaw35zP1RuWtI0uSIb57-s5MS\">layered defense model</a> is considered the most powerful, especially when it can react to both disclosed and undisclosed breaches.</p>
<p>A breach of this size is particularly dangerous around the holidays. Hackers try to take advantage of every new email address and password exposed in an attempt to launch phishing attacks and social engineering schemes. Enterprises, SMBs, and individuals using frequently targeted platforms like WordPress should ensure they are following strong password best practices: complexity, frequent password changes, not sharing passwords between applications, and multi-factor authentication. If possible, utilize an authenticator app to secure your account instead of traditional two-factor authentication via SMS – as hackers have recently been targeting users with specialized SMS phishing.</p>