GoDaddy Incident
High Level Summary of the Security Advisory
GoDaddy is an internet domain registrar and web hosting company facilitating online businesses.
On February 16th 2023, GoDaddy issued a public statement revealing that, in early December 2022, an unauthorized third party had gained access to servers in their cPanel shared hosting environment and installed malware causing the intermittent redirection of customer websites. GoDaddy engaged multiple law enforcement agencies, in addition to forensics experts, to further investigate this incident. Based on the investigation performed so far, they believe that this incident (along with other security incidents that were identified in March 2020 and November 2021) is part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on its systems and obtained pieces of code related to some services within GoDaddy.
GoDaddy indicated that once the intrusion was confirmed, they remediated the situation and implemented security measures in an effort to prevent future infections. Further details about the March 2020, November 2021, and December 2022 security incidents can be found in their 10-K report filing (filed with the U.S. Securities and Exchange Commission (SEC)).
Should I be concerned?
Maybe. It depends on the relationship you have with GoDaddy. Click on the link below to find out if you have a relationship with this vendor. If you do, follow the recommendations below.
Note: this link is specific to the GoDaddy directory record. You may also want to search your RLP for "GoDaddy" to confirm.
What to do if you have an active relationship with GoDaddy
In response to the incident (as part of their Statement), GoDaddy stated that they have taken appropriate measures to mitigate the attack and strengthen their security. However, they did not provide any immediate corrective steps or security best practices to prevent such incidents.
If you have a direct relationship with GoDaddy or know that one of your vendors does, we suggest immediately reaching out to GoDaddy and asking if your organization was impacted by this incident. If it is revealed that you were impacted, ask GoDaddy if there are any additional security measures your organization should implement to prevent further incidents.
Additionally, we recommend taking the following steps to strengthen your defenses against future attempts of a similar nature, which are inevitable: resetting all account passwords, enabling multi-factor authentication, maintaining a solid and effective vulnerability management program, and closely monitoring vulnerability scans to detect malicious code, malware or other suspicious activity early.
---------------------------------------------------------------------------
We are actively working on future product enhancements related to these types of events. If you found this information helpful or have additional feedback, please let us know at product@visotrust.com.
For any additional questions, please reach out to your customer success manager.
The VISO Trust team