Thoughts On The GoDaddy Hack

If you don’t already know, GoDaddy was the victim of a successful mass hacking attempt. The intrusion was discovered in mid-November, but the intruders are suspected to have been rummaging around since the beginning of September, which means they had roughly two months of unnoticed access.

As more data became available, it was discovered that many GoDaddy subsidiaries were also part of the hack.

More than 1 million sites are potentially affected.

We feel for the folks over there – it’s going to take a long time to clean up the mess.

Unfortunately, if you’re a large company (and GoDaddy qualifies as “large”) you will get hacked.

Why?

Because the weak link in any company is humans.

And large companies have thousands of humans involved – GoDaddy had 6600+ employees in 2020 and has acquired a number of companies since.

All it takes is for one person to be having a bad day and let their guard down. Then boom – the bad guys have a foothold.

Or, in the case of nation-state attacks, an insider is offered the promise of a six- or seven-figure payout just for handing over a few letters and numbers – a password, a token, an API key.

Large companies will get hacked – it’s a virtual guarantee.

There are things that larger companies can do to reduce the attack surface and to limit the damage once an attacker is inside. Some of them are:

  • 2FA for all employees on all systems (including internal tools and support consoles, not just the VPN)
  • Passwords stored only as salted hashes, and other sensitive data (API keys, SFTP and database credentials) encrypted at rest so that a dump of the database is not a dump of working credentials
  • Assume you’re already hacked and have exfiltration sensors in place: alerts on bulk reads of customer records and on unusual outbound transfer volumes

From what’s been made public, it seems that GoDaddy did not have some of these things in place, and that is what allowed the damage to spread much more widely than it should have.

But we’re not writing this article to pick on GoDaddy – after all, hacks can happen to just about anyone these days.

The Opportunity For Smaller Companies

As more and more successful hacks of larger companies become public it presents an opportunity for smaller companies to differentiate themselves.

Smaller companies still have to depend on larger companies for certain infrastructure (such as AWS, Azure, GCP etc.). But they can be more aggressive with monitoring because they’re monitoring fewer resources.

For example, it would be almost impossible for GoDaddy to send an alert to a Slack channel every time someone logs in as root or runs a command through sudo, or every time a password is changed – at their scale the channel would be unreadable within minutes.

But a smaller company with, say, 100 servers, can easily do that.
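As an added illustration of that kind of alerting (example code written for this article, not WPCD’s own code or anything from a hosting provider), the script below scans Debian/Ubuntu-style `/var/log/auth.log` lines for the three events just mentioned – a root SSH login, a sudo invocation, and a password change – and posts each one to a Slack incoming webhook. It assumes the traditional syslog line prefix (`Nov 20 03:12:45 web01 sshd[1234]: …`), an environment variable called `SLACK_WEBHOOK_URL` (an assumed name), and uses constructed sample log lines so it can be run without a live server.

```python
"""Alert a Slack channel on root SSH logins, sudo use and password changes.

Added example, not code from WPCD or GoDaddy. It reads Debian/Ubuntu-style
/var/log/auth.log lines (the syslog formats written by sshd, sudo and passwd)
and posts to a Slack incoming webhook whose URL is taken from the
SLACK_WEBHOOK_URL environment variable (an assumed name). Run it from cron or
a systemd timer with the path of the log to check as the first argument.
"""
import json
import os
import re
import sys
import urllib.request

# Standard syslog prefix: "Nov 20 03:12:45 web01 <program>[pid]: message".
SYSLOG_PREFIX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)

# Messages worth an alert, matched against the part after the hostname.
# Cron's "session opened for user root" lines are deliberately NOT matched:
# they fire every minute and would bury the real signal in noise.
EVENT_PATTERNS = {
    "root_ssh_login": re.compile(
        r"sshd\[\d+\]: Accepted (?P<method>\S+) for root from (?P<src>\S+) port \d+"
    ),
    "sudo": re.compile(
        r"sudo:\s+(?P<user>\S+) : TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
    ),
    "password_change": re.compile(
        r"passwd\[\d+\]: pam_unix\(passwd:chauthtok\): password changed for (?P<user>\S+)"
    ),
}


def parse_event(line):
    """Return a dict describing the line if it is an alertable event, else None."""
    m = SYSLOG_PREFIX.match(line.rstrip("\n"))
    if not m:
        return None
    for event_type, pattern in EVENT_PATTERNS.items():
        hit = pattern.search(m.group("msg"))
        if hit:
            event = {"type": event_type, "ts": m.group("ts"), "host": m.group("host")}
            event.update(hit.groupdict())
            return event
    return None


def scan(lines):
    """Parse an iterable of log lines and return the alertable events in order."""
    return [e for e in (parse_event(line) for line in lines) if e]


def format_alert(event):
    """Build the Slack incoming-webhook payload (plain 'text' field) for one event."""
    if event["type"] == "root_ssh_login":
        text = (f":rotating_light: root SSH login on {event['host']} from "
                f"{event['src']} ({event['method']}) at {event['ts']}")
    elif event["type"] == "sudo":
        text = (f":warning: sudo on {event['host']}: {event['user']} ran "
                f"`{event['cmd']}` as {event['target']} at {event['ts']}")
    else:
        text = f":key: password changed for {event['user']} on {event['host']} at {event['ts']}"
    return {"text": text}


def post_to_slack(payload, webhook_url):
    """POST the payload as JSON to a Slack incoming webhook; returns the HTTP status."""
    req = urllib.request.Request(
        webhook_url,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


# Constructed sample lines in the real Debian/Ubuntu auth.log format, so the
# script can be exercised offline. The CRON line is there to show it is ignored.
SAMPLE_LINES = [
    "Nov 20 03:12:45 web01 sshd[1234]: Accepted publickey for root from 203.0.113.5 port 51234 ssh2: RSA SHA256:abc",
    "Nov 20 03:13:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
    "Nov 20 03:14:01 web01 CRON[1250]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "Nov 20 03:15:10 web01 passwd[1300]: pam_unix(passwd:chauthtok): password changed for bob",
]

if __name__ == "__main__":
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LINES
    webhook = os.environ.get("SLACK_WEBHOOK_URL")
    for event in scan(source):
        payload = format_alert(event)
        if webhook:
            post_to_slack(payload, webhook)
        else:
            print(payload["text"])  # no webhook configured: print instead of posting
```

On a host that logs only to journald, feed it `journalctl -o short` output, which uses the same syslog-style prefix. The point of excluding cron’s root sessions is the one that matters at 100 servers as much as at 100,000: an alert channel that fires on routine noise stops being read, so the patterns are chosen to match only actions a human took.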

Smaller companies have a much closer relationship with their customers and better understand their usage patterns. A root login at an odd time will be much more noticeable.

Smaller companies also fly under the radar of most attackers. Attackers like to go after big game because, in many cases, it takes almost the same amount of effort to hack a large company as it does a small one. But the payoff with larger companies is much more lucrative.

What Does This Have To Do With WPCD?

If you’re a WordPress agency using large hosting companies such as GoDaddy, WP Engine, SiteGround etc. for your client sites, maybe it’s time for you to rethink that position.

Yes, larger companies bring a lot to the table for you – referral commissions, pretty dashboards, 24×7 support, server management and more. But their weaknesses also become your weaknesses.

Can you imagine what all the WP agencies using GoDaddy have to deal with now? Not only do they have to inform their customers about the potential information breach but those customers in turn will have to disclose to their end users as well.

Maybe it’s time to bring management of your sites and their associated servers under your control. Because you know your customers better and can therefore do a better job of keeping an eye on their servers and sites.

You’ll still rely on the big boys for the VMs (but if you really wanted to, you could use smaller players there as well).

In addition, you can make your familiarity and closer monitoring a selling point when pitching your services to potential customers. Your smaller size becomes an advantage.
