Cyber insurers need to be on their guard when it comes to single point of failure cyber attacks, recommends cyber analytics firm

The recent cyber attack on internet domain registrar and web hosting company GoDaddy serves as yet another “wake up call” to the insurance and reinsurance industry, according to cyber analytics firm CyberCube.

The incident, which was discovered on 17 November 2021, was a single point of failure (SPoF) cyber attack that saw 1.2 million active and inactive WordPress customers have their email addresses and customer numbers exposed.

The criminal third party also gained access to the WordPress admin password for these accounts, as well as usernames and passwords for active customers. For a “subset of active customers”, the secure sockets layer (SSL) private key was also leaked.

A SPoF is a flaw in the design, configuration, or implementation of a system, circuit, or component that poses a potential risk because the failure of one part could cause the whole system to stop working.

William Altman, cyber security consultant at CyberCube, said: “This event is yet another wake up call to (re)insurers that large scale cyber loss events that impact tens of thousands of companies and millions of users at the same time are increasingly possible.

“Data breaches at internet enabling SPoFs, such as web hosting providers, email services providers, certificate authorities and domain registrars like GoDaddy, can lead to the mass theft of login credentials and email addresses.

“This in turn puts the subjects of the stolen data at greater risk of being targeted in other attacks. In the worst case scenario, threat actors could target all of the stolen email addresses obtained from GoDaddy with targeted malware-laden phishing emails.”

The GoDaddy breach is the latest in a series of cyber attacks targeting SPoFs. Other examples include the SolarWinds attack in December 2020 and, more recently, a wave of attacks on Microsoft Exchange servers between January and March this year.

The potential for one of these attacks to have systemic consequences triggering catastrophic losses for cyber insurers is increasing, said CyberCube.

Attacking the ‘backbone of global public internet’

Following its infiltration, GoDaddy took action and forced the threat actor out of its network. 

CyberCube, which creates cyber risk models for the global insurance industry, warned insurers and reinsurers that this latest breach should prompt a review of their understanding of SPoF exposures, especially regarding organisations like GoDaddy, which are considered to be part of the “backbone of the global public internet”.

Darren Thomson, head of cyber security strategy at CyberCube, added: “Cyber underwriters should look to GoDaddy as a warning for the types of high risk cyber security signals to look out for when deciding on whether or not to underwrite an account.

“CyberCube’s single risk cyber underwriting solution, Account Manager, flagged a high risk of ‘exposed credentials’ for GoDaddy prior to this latest breach. GoDaddy was observed as having over 270 different exposed records in the last 60 days, including email addresses, combinations of passwords and emails that can be used to log in to the company’s network.”

Insurance Times has contacted GoDaddy for further comment.