GoDaddy cyber attack a ‘wake-up call’ to re/insurers
Cyber attacks such as the one currently affecting web-hosting firm GoDaddy is a “wake-up call’ to the global insurance industry, risk analytics company CyberCube has warned.
The GoDaddy breach is the latest in a series of Single Point of Failure (SPoF) cyber attacks including the SolarWinds attack of 2020 and, more recently, an attack on Microsoft Exchange servers. The potential for one of these attacks to have systemic consequences triggering “catastrophic losses” for cyber insurers is increasing, said CyberCube.
Before GoDaddy was able to take any action, 1.2 million customers' login credentials were stolen, putting those accounts at high risk of being targeted in business email scams and phishing campaigns.
CyberCube, which creates cyber risk models for the global insurance industry, has warned insurers and reinsurers that the breach should prompt a review of their understanding of their SPoF exposures, especially organisations like GoDaddy that are considered to be part of the “backbone of the global public internet”.
William Altman, cyber security consultant with CyberCube, said: “This event is yet another wake-up call to (re)insurers that large-scale cyber loss events that impact tens of thousands of companies and millions of users at the same time are increasingly possible.
“Data breaches at internet-enabling SPoFs such as web-hosting providers, email services providers, certificate authorities, and domain registrars like GoDaddy can lead to the mass theft of login credentials and email addresses. This in turn puts the subjects of the stolen data at greater risk of being targeted in other attacks. In the worst-case scenario, threat actors could target all of the stolen email addresses obtained from GoDaddy with targeted malware-laden phishing emails.”
Darren Thomson (pictured), head of cyber security strategy for CyberCube, added: “Cyber underwriters should look to GoDaddy as a warning for the types of high-risk cyber security signals to look out for when deciding on whether or not to underwrite an account. CyberCube’s single risk cyber underwriting solution, Account Manager, flagged a high risk of ‘Exposed Credentials’ for GoDaddy prior to this latest breach. GoDaddy was observed as having over 270 different exposed records in the last 60 days including email addresses, combinations of passwords and emails that can be used to login to the company’s network.”
Already registered?
Login to your account
If you don't have a login or your access has expired, you will need to purchase a subscription to gain access to this article, including all our online content.
For more information on individual annual subscriptions for full paid access and corporate subscription options please contact us.
To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.
For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk
Editor's picks
Editor's picks
More articles
Copyright © intelligentinsurer.com 2024 | Headless Content Management with Blaze