Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Defence. Show all posts
Technology
Authentication Cyber Defence Cyberhackers Cybersecurity Rubrik Security Alert Technology

Security Update from Rubrik as Authentication Keys Are Reissued

 


In a recent report, Rubrik revealed that, last month, an unauthorized security incident compromised one of its log file servers. Rubrik has taken immediate and proactive steps to mitigate potential risks in response to this breach. As part of its remediation efforts, Rubrik has begun rotating all exposed authentication keys, which are designed to prevent potential malicious actors from exploiting these keys. 

A precautionary measure is taken by the company as a precaution to safeguard its systems and make sure that unauthorized entities cannot use the compromised credentials to gain access to the systems. As a part of its efforts to enhance its resilience against future threats, the company is actively assessing its security posture in an attempt to maintain the highest cybersecurity standards. 

This corrective action will reinforce Rubrik's commitment to protecting its infrastructure and safeguarding the integrity of its data security framework by enabling it to implement these corrective actions swiftly. 

Rubrik’s Growth, Financial Success, and Security Measures 


The company was founded in 2014 as a backup and recovery provider but has since grown into a leading security and data protection company. In the fourth quarter of Rubrik's fiscal year, ending October 31, 2024, the company raised $725 million from its initial public offering. In this quarter, Rubrik reported revenues of $236.2 million, which indicated strong market growth, which was a key indicator of Rubrik's growth. 

A security breach in Rubrik occurred in 2023 when a zero-day vulnerability (CVE-2023-0669) in Fortra's GoAnywhere MFT software gave threat actors access to Rubrik's non-production testing environment, allowing them to access Rubrik's non-production IT testing environment. While the Cl0p ransomware group has taken responsibility for this, Rubrik continues to strengthen its cybersecurity framework, which ensures that customer data is protected and that threats are mitigated at an early stage, resulting in an ongoing cybersecurity framework. 

With the launch of advanced innovations, Rubrik has made a major contribution to strengthening the cyber resilience of cloud-based, SaaS, and on-premises environments. Continuing its commitment to strengthening cyber resilience, Rubrik (NYSE: RBRK) has unveiled a series of groundbreaking innovations designed to enhance data security across several cloud, software-as-a-service (SaaS), and on-premises infrastructures. 

In addition to these enhancements, there are enhancements specifically designed to empower organizations with higher levels of capability in anticipating security breaches, identifying emerging threats, and enacting rapid, efficient recovery, regardless of where the data is located. 

As part of Rubrik's annual Cyber Resilience Summit on March 5, this company will unveil its advanced data protection solutions that are set for release during the event. This will be the first time industry leaders and cybersecurity professionals will be able to gain insight into the company's latest advances in data protection technology. 

Rubrik’s Global Presence and Industry Impact 


In the field of cybersecurity, Rubrik is a world-class company that offers backup, recovery, and data protection services. The company has established itself as a trusted partner for businesses throughout the world thanks to its strong team of more than 3,000 people. With more than 22 global offices, the organization provides cutting-edge solutions to a variety of businesses. 

With over 6,000 clients, Rubrik serves a diverse array of companies and institutions across the globe, including leading global corporations such as AMD, Adobe, PepsiCo, Home Depot, Allstate, Sephora, GSK, Honda, Harvard University, and TrelliX, among others. In an increasingly digital landscape, Rubrik is constantly innovating and expanding its security capabilities, which strengthens the company's mission of providing robust, scalable, and intelligent cybersecurity solutions. 

Rubrik Investigates Security Incident Involving Log Server Compromise 


Earlier this week, Rubrik published a security alert detailing the discovery of unusual activity on a server that stored log files. According to Rubrik's Information Security Team, the incident was first identified by cybersecurity expert Kevin Beaumont, who first reported the findings to Rubrik. As soon as the team at Rubrik detected abnormal behavior on the affected server, it immediately took it offline to eliminate any potential risks that could have occurred. 

The investigation conducted by an independent forensic cybersecurity firm, in collaboration with a forensic investigator, has revealed that the event was limited to this single server. A company spokesperson confirmed that no evidence of unauthorized access to customer data or internal code by anyone was found.

Precautionary Measures and Security Enhancements 


While Rubrik admits that the breach was confined to its log server, some log files contained access information even though Rubrik's log server was the only point of vulnerability. The company appears to be taking proactive steps to protect its system against unauthorized access, such as rotating authentication keys. However, it remains unclear how the server was compromised and what information about access has been revealed. 

Cybersecurity Dive received a further reply from Rubrik, and the company responded that, at this time, there is no indication that the information exposed has been exploited. Furthermore, it has been discovered that no signs of threat actors gaining access to Rubrik's internal development environment or customer data have been identified during the ongoing investigation.

Past Security Incidents


Several years ago, Rubrik was one of the organizations affected by the Fortra GoAnywhere vulnerability in 2023, a large-scale data breach orchestrated by the Clop ransomware group. This is not the first time Rubrik has been the target of a security event. Fortra's managed file transfer software was exposed to a zero-day vulnerability during that attack, which resulted in data theft by multiple enterprises, including Rubrik, due to a zero-day vulnerability. 

While these incidents have occurred, the company continues to implement robust security measures to ensure its cyber resilience as well as ensure that its infrastructure is protected against evolving threats in the future. 

Rubrik Unveils Advanced Data Protection and Security Enhancements 


With a range of cutting-edge innovations, Rubrik offers unmatched security, resilience, and cyber threat mitigation capabilities for the protection of critical data: 

Cloud Posture Risk Management (CPR) is an automated service for discovering, inventorying, and protecting cloud data assets based on their cloud standards. 

Cloud Protection for Oracle: Enhances Rubrik Security Cloud (RSC) capability to help safeguard the Oracle Cloud Infrastructure (OCI) databases and the Oracle Cloud VMware Solution (OCVS) databases. 

The PostgreSQL Data Protection solution helps to protect data in one of the most widely used open-source databases through robust backup security. 

The Red Hat OpenShift Back Up service provides immutable, automated backups for environments running on the Kubernetes container engine. 

A great way to back up CI/CD environments with Azure DevOps and GitHub Backup is to use Resilient Backup & GitHub Backup. 

RCV (Rubrik Cloud Vault) for Amazon Web Services: Provides air-gapped, encrypted, as well as policy-driven preservation of files. 

Data protection is strengthened by Microsoft Dynamics 365 Security - protecting data both within the organization and from customers. 

Using Salesforce Sandbox Seeding ensures that data migration from live application environments to sandboxes is efficient and error-free. 

Recovering the identity of an individual is quick, easy and malware-free thanks to Active Directory Recovery (AD) and Entra ID recovery. 

An advanced security solution for Azure & AWS that combines anomaly detection, data classification, and threat monitoring for the most specific threats.

'Turbo Threat Hunting': Delivers a rapid malware free recovery, scanning 75,000 backup files in just 60 seconds to ensure data remains safe. 
Introducing Microsoft 365 Enterprise Edition, which offers Sensitive Data Discovery, Prioritized Recovery, and Threat Intelligence tools. 

These enhancements further reinforce Rubrik's commitment to supporting proactive cyber resilience by providing secure data protection. Rubrik's proactive responses to security incidents and ongoing research in data protection also reinforce this commitment. 

A company's ability to quickly address vulnerabilities and introduce advanced security solutions sets new standards for threat detection, rapid recovery, and intelligent data protection. As cyber threats continue to evolve, organizations must prioritize strong security strategies using cutting-edge technology such as Turbo Threat Hunting and Identity Recovery to ensure their customers are protected from threats. 

It is Rubrik's steadfast commitment to safeguarding enterprise data that enables businesses to navigate digital challenges with a degree of confidence, agility, and resilience that sets it apart.
Read more »
Russia cyber threats
Cyber Defence Cyber Security Cyber Warfare FBI Russia Russia cyber threats

U.S. Pauses Offensive Cyberoperations Against Russia Amid Security Concerns

 

Defense Secretary Pete Hegseth has paused offensive cyberoperations against Russia by U.S. Cyber Command, rolling back some efforts to contend with a key adversary even as national security experts call for the U.S. to expand those capabilities. A U.S. official, speaking on condition of anonymity to discuss sensitive operations, on Monday confirmed the pause. 

Hegseth’s decision does not affect cyberoperations conducted by other agencies, including the CIA and the Cybersecurity and Infrastructure Security Agency. But the Trump administration also has rolled back other efforts at the FBI and other agencies related to countering digital and cyber threats. The Pentagon decision, which was first reported by The Record, comes as many national security and cybersecurity experts have urged greater investments in cyber defense and offense, particularly as China and Russia have sought to interfere with the nation’s economy, elections and security. 

Republican lawmakers and national security experts have all called for a greater offensive posture. During his Senate confirmation hearing this year, CIA Director John Ratcliffe said America’s rivals have shown that they believe cyberespionage — retrieving sensitive information and disrupting American business and infrastructure — to be an essential weapon of the modern arsenal. “I want us to have all of the tools necessary to go on offense against our adversaries in the cyber community,” Ratcliffe said. Cyber Command oversees and coordinates the Pentagon’s cybersecurity work and is known as America’s first line of defense in cyberspace. It also plans offensive cyberoperations for potential use against adversaries. 

Hegseth’s directive arrived before Friday’s dustup between President Donald Trump and Ukrainian President Volodymyr Zelenskyy in the Oval Office. It wasn’t clear if the pause was tied to any negotiating tactic by the Trump administration to push Moscow into a peace deal with Ukraine. Trump has vowed to end the war that began when Russia invaded Ukraine three years ago, and on Monday he slammed Zelenskyy for suggesting the end to the conflict was “far away.” 

The White House did not immediately respond to questions about Hegseth's order. Cyber warfare is cheaper than traditional military force, can be carried out covertly and doesn’t carry the same risk of escalation or retaliation, making it an increasingly popular tool for nations that want to contend with the U.S. but lack the traditional economic or military might, according to Snehal Antani, CEO of Horizon3.ai, a San Francisco-based cybersecurity firm founded by former national security officers. Cyberespionage can allow adversaries to steal competitive secrets from American companies, obtain sensitive intelligence or disrupt supply chains or the systems that manage dams, water plants, traffic systems, private companies, governments and hospitals. The internet has created new battlefields, too, as nations like Russia and China use disinformation and propaganda to undermine their opponents. 

Artificial intelligence now makes it easier and cheaper than ever for anyone — be it a foreign nation like Russia, China or North Korea or criminal networks — to step up their cybergame at scale, Antani said. Fixing code, translating disinformation or identifying network vulnerabilities once required a human — now AI can do much of it faster. “We are entering this era of cyber-enabled economic warfare that is at the nation-state level,” Antani said. “We’re in this really challenging era where offense is significantly better than defense, and it’s going to take a while for defense to catch up.” Meanwhile, Attorney General Pam Bondi also has disbanded an FBI task force focused on foreign influence campaigns, like those Russia used to target U.S. elections in the past. And more than a dozen people who worked on election security at the Cybersecurity and Infrastructure Security Agency were put on leave. 

These actions are leaving the U.S. vulnerable despite years of evidence that Russia is committed to continuing and expanding its cyber efforts, according to Liana Keesing, campaigns manager for technology reform at Issue One, a nonprofit that has studied technology’s impact on democracy. “Instead of confronting this threat, the Trump administration has actively taken steps to make it easier for the Kremlin to interfere in our electoral processes,” Keesing said.
Read more »
MirrorFace
Cyber Defence Cyber Security DDoS Hacker attack Hacker group Japan Japan Cyber Security MirrorFace

Japan’s New Active Cyber Defence Strategy to Counter Growing Threats

 

Japan is taking decisive steps to enhance its cybersecurity through a new strategy of “active cyber defence.” This approach enables authorized hackers working for the police or Self-Defence Forces (SDF) to infiltrate servers and neutralize cyber-attack sources before they cause significant damage. The ruling Liberal Democratic Party (LDP), led by Prime Minister Shigeru Ishiba, plans to introduce relevant legislation during the current parliamentary session. The urgency for stronger cybersecurity measures has escalated due to recent attacks. 

The National Police Agency (NPA) revealed that the Chinese state-linked hacking group MirrorFace was responsible for over 200 cyberattacks targeting Japan’s foreign ministries and semiconductor industry between 2019 and 2024. Additionally, cyber incursions since late December 2024 disrupted financial services, delayed flights, and exposed vulnerabilities in Japan’s critical infrastructure. Japan’s revised 2022 National Security Strategy identifies cyberattacks as a growing threat, likening cross-border hacks of civilian infrastructure to intimidation tactics that stop short of war. 

This has prompted Japan to expand its SDF cyber unit from 620 members in March 2024 to about 2,400 today, with plans to reach 4,000 personnel by 2028. However, this remains small compared to China’s estimated 30,000-member cyber-attack force. The proposed active defence strategy aims to bolster cooperation between public and private sectors, focusing on safeguarding critical infrastructure, such as energy, transportation, finance, and telecommunications. Japan also plans to establish a National Cyber Security Office in 2025 to coordinate cybersecurity policy, identify vulnerabilities, and advise private sector organizations. 

To prevent misuse, strict safeguards will accompany the strategy. Hackers will need prior approval to break into servers unless immediate action is required during active attacks. Penalties will address excessive monitoring or personal data leaks, ensuring transparency and public trust. Trend Micro’s recent findings underscore the importance of these measures. The security firm attributed recent cyberattacks to distributed denial-of-service (DDoS) campaigns launched by botnets. These attacks overwhelmed network servers with data, causing widespread disruptions to services like Japan Airlines and major banks. 

While Japan’s proactive approach is a significant step forward, experts like Professor Kazuto Suzuki caution that it may not deter all attackers. He notes that cyber deterrence is challenging due to the unpredictability of attackers’ methods. However, this strategy is expected to instill some fear of retaliation among hackers and strengthen Japan’s cybersecurity posture. As cyber threats evolve, Japan’s active defence initiative represents a critical effort to protect its infrastructure, economy, and national security from escalating digital risks.
Read more »
Digital Security
Chief Information Security Office CISO CISO role Cyber Defence Cyber Privacy Cyber Security Digital Security

Why T-POT Honeypot is the Premier Choice for Organizations

 

In the realm of cybersecurity, the selection of the right tools is crucial. T-POT honeypot distinguishes itself as a premier choice for various reasons. Its multifaceted nature, which encompasses over 20 different honeypots, offers a comprehensive security solution unmatched by other tools. This diversity is pivotal for organizations, as it allows them to simulate a wide range of network services and applications, attracting and capturing a broad spectrum of cyber attacks. 
 
Moreover, the integration with the custom code developed by the Cyber Security and Privacy Foundation is a game-changer. This unique feature enables T-POT to send collected malware samples to the Foundation's threat intel servers for in-depth analysis. The results of this analysis are displayed on an intuitive dashboard, providing organizations with critical insights into the nature and behaviour of the threats they face. This capability not only enhances the honeypot's effectiveness but also provides organizations with actionable intelligence to improve their defence strategies. 
 
The ability of T-POT to provide real-time, actionable insights is invaluable in today’s cybersecurity landscape. It helps organizations stay one step ahead of cybercriminals by offering a clear understanding of emerging threats and attack patterns. This information is crucial for developing robust security strategies and for training cybersecurity personnel in recognizing and responding to real-world threats. 
 
In essence, T-POT stands out not only as a tool for deception but also as a platform for learning and improving an organization’s overall cybersecurity posture. Its versatility, combined with the advanced analysis capabilities provided by the integration with the Cyber Security and Privacy Foundation's code, makes it an indispensable tool for any organization serious about its digital security. The honeypot api analyses malware samples and the result of the honeypot can be seen on the backend dashboard. 
 
Written by: Founder, cyber security and privacy foundation.
Read more »
Yahoo
Cyber Defence Cyber Security Digital World Geopolitical Protocols Russian Security Framework supply chain security Ukraine Yahoo

Russian Hackers Target Ukraine's Fighter Jet Supplier

 

A cyberattack on a Ukrainian fighter aircraft supplier has been reported, raising concerns about whether cybersecurity risks in the region are increasing. The incident—attributed to Russian hackers—highlights the need to have robust cyber defense strategies in a world where everything is connected.

According to a recent article in The Telegraph,  the cyber attack targeted Ukraine's key supplier for fighter jets. The attackers, suspected to have ties to Russian cyber espionage, aimed to compromise sensitive information related to defense capabilities. Such incidents have far-reaching consequences, as they not only threaten national security but also highlight the vulnerability of critical infrastructure to sophisticated cyber threats.

Yahoo News further reports that Ukrainian cyber defense officials are actively responding to the attack, emphasizing the need for a proactive and resilient cybersecurity framework. The involvement of top Ukrainian cyber defense officials indicates the gravity of the situation and the concerted efforts being made to mitigate potential damage. Cybersecurity has become a top priority for nations globally, with the constant evolution of cyber threats necessitating swift and effective countermeasures.

The attack on the fighter jet supplier raises questions about the motivations behind such cyber intrusions. In the context of geopolitical tensions, cyber warfare has become a tool for state-sponsored actors to exert influence and gather intelligence. The incident reinforces the need for nations to bolster their cyber defenses and collaborate on international efforts to combat cyber threats.

As technology continues to advance, the interconnectedness of critical systems poses a challenge for governments and organizations worldwide. The Telegraph's report highlights the urgency for nations to invest in cybersecurity infrastructure, adopt best practices, and foster international cooperation to tackle the escalating threat landscape.

The cyberattack on the supplier of fighter jets to Ukraine is an alarming indicator of how constantly changing the dangers to global security are. For countries to survive in the increasingly digital world, bolstering cybersecurity protocols is critical. The event emphasizes the necessity of a proactive approach to cybersecurity, where cooperation and information exchange are essential components in preventing cyberattacks by state-sponsored actors.
Read more »
Threat actors
Artificial Intelligence Cyber Defence Cyber Security Cyberspace Global Economy International Cooperation Malicious actor Military Intelligence Threat actors

Cyber Militarization: Navigating the Digital Battlefield

Technology and the internet are now ubiquitous, creating vulnerabilities and enabling the militarization of cyberspace. This trend poses a number of threats to global security, including accidental or deliberate conflict between states, empowerment of non-state actors, and new arms races. The international community must cooperate to address this issue, developing norms and rules, building trust, and investing in cybersecurity.

Cyberspace once considered a relatively neutral domain for communication and information sharing, is now increasingly becoming a battlefield where nation-states vie for power and influence. The articles linked in this discussion shed light on the complex issue of militarization in cyberspace.

Kaspersky, a leading cybersecurity company, delves into the subject in their blog post, "How to Deal with Militarizing Cyberspace." They emphasize the growing concerns about the use of cyberspace for military purposes, such as cyberattacks and espionage. This article emphasizes the need for international cooperation and cybersecurity measures to address the challenges posed by this evolving landscape.

In the blog post from EasyTech4All, titled "The Inevitability of Militarization of CyberAI," the focus is on the convergence of artificial intelligence and cyber warfare. It highlights the significant role AI plays in enhancing military capabilities in cyberspace. This shift underlines the need for discussions and regulations to govern the use of AI in military operations.

Additionally, the document from the Cooperative Cyber Defence Centre of Excellence (CCDCOE) titled "The Militarization Of Cyberspace" offers an in-depth examination of the historical context and evolution of militarization in cyberspace. It explores the various facets of this phenomenon, from the development of offensive cyber capabilities to the establishment of cyber commands in military structures.

The militarization of cyberspace raises critical questions about the use of cyber tools for aggressive purposes, the potential for escalation, and the importance of international agreements to prevent cyber warfare. The interconnectedness of the global economy and critical infrastructure further amplifies the risks associated with cyber warfare.

To address these challenges, a multi-faceted approach is essential. This includes the development of international norms and regulations governing cyber warfare, cooperation between nations, investment in cybersecurity, and continuous monitoring of cyber threats.

Cyberspace militarization is a complex and evolving issue that requires our attention. By exploring the articles and materials provided, we gain a glimpse into the many facets of this challenge, from its historical roots to the use of AI in warfare. As technology advances, it becomes increasingly important to use cyberspace in an ethical and responsible manner. It is up to us all to ensure that the digital realm remains a force for good and progress, rather than a catalyst for instability and conflict.

Read more »
Security Culture
Cyber Defence Cyber Security HR Department HR Responsibility Human Resource Security Culture

Responsibilities of an HR to Strengthen Their Company’s Cyber Defenses


Suppose a company is hit by a ransomware attack today, who will the company personnel call or rely on, to remediate their issue. Most probably, a cybersecurity expert. However, companies nowadays go numb in the initial hours of the incident, since nobody knows anyone’s phone numbers. Lack of access to emails or messaging systems results in a halt, leading to customers and workers just wondering what is going on. This panic further intensifies into a full-blown crisis.

While this may look like a job of the IT and security department, protecting a company reduces down to two ideas – organizational culture and planning – something that comes under the command of human resources. 

The HR department is in a unique position to integrate cybersecurity readiness into an organization's daily operations.Too reduce risks and make sure the company has the skills necessary to be resilient to foreseen difficulties, which include cyberattacks, it is responsible for developing policies and procedures. Additionally, HR departments themselves are major targets for hackers as they are the stewards of employees' private and sensitive information. However, this vital role of the HR team is highly overlooked.

In regards to this, Claudette McGowan, CEO of cybersecurity company Protexxa has mentioned some ways that could help HR make their companies a rather tough target for cybercriminals. We are listing some of these suggestions:

Build a Security Culture 

With the growing cyberspace culture, one can only imagine how many digital issues can be lobbed at a time, making it challenging to determine them all. A strong cybersecurity culture comes to the resort, since it helps organizations to protect themselves against attacks, and minimizes the radius of attack in case it has already been executed. 

However, for this, everyone must be on the same page when it comes to online behaviours. 

To ensure this, HR must make sure that the company is equipped with training tools so that employees can determine what should and should not be done. 

Integrating cybersecurity into performance appraisals is the greatest approach to guarantee that everyone perceives it as a crucial part of their responsibilities. This should not involve criticizing employees for each dubious link they click on. Instead, it ought to be a productive discussion about how they are progressing with their cyber literacy education. Employees can utilize cyber health-check tools to examine their online behaviour and resolve vulnerabilities (such as reusing Pa$$w0rd throughout the majority of the internet or not using two-factor authentication), and similar tools are frequently used to monitor progress toward cybersecurity goals at the organizational level.

Stop Hoarding Data 

The HR department should be active when it comes to updating its data retention policy. ‘Updating,’ since companies are already encompassed with a data retention policy. If not, then the company is bound to hoard this data forever, which may expose it to several risks. The more data a company has, the worse a breach is, especially if the company is storing data that is no longer in use. 

Determine ‘Who Calls the Shots’ in Case of a Breach 

In times of crisis, while everyone may have an opinion on ‘what should be done,’ it should priorly be decided who holds the decision-making power. 

The only requirement in the job description for incident commanders is that they be the person who knows their company's cybersecurity concerns the best. Depending on the size of your company, that may be the head of IT, the cybersecurity leader, or Joanne in accounting who has taken a few courses in this area. Whoever it is, HR must make sure to recognise it and make it apparent to the team before an issue occurs.

Finally, Note the Contacts Down

However old school and mundane it may sound, but contact numbers of the incident team must be noted down, and the list should be updated without fail to make sure that an ‘professional’ is at standby to help an organization resolve the issues systematically.  

Read more »
USA
Cyber Attacks Cyber Defence GoDaddy USA

GoDaddy, a Web Hosting Provider Hit Multiple Times by the Same Group

 

This month, GoDaddy, a leading web hosting provider, revealed that it had experienced a major security breach over several years, resulting in the theft of company source code, customer and employee login credentials, and the introduction of malware onto customer websites. 

It means that the hackers were able to access and modify certain websites hosted by GoDaddy, in a way that allowed them to install malicious software (malware) onto these websites. This malware could then potentially harm visitors to these sites by stealing their personal information, infecting their devices, or performing other malicious actions. 

While much of the media attention has focused on the fact that GoDaddy was targeted by the same group of hackers in three separate attacks. The threat actors typically employ social engineering tactics such as calling employees and luring them to a phishing website. 

While reporting the matter to the U.S. Securities and Exchange Commission (SEC) the company said that the same group of hackers was responsible for three separate security breaches, including: 

In March 2020, a phishing attack on an employee resulted in compromised login credentials for around 28,000 GoDaddy customers and a few employees. 

In November 2021, attackers stole source code and information related to 1.2 million customers by using a compromised GoDaddy password, including website administrator passwords, sFTP credentials, and private SSL keys. 

In December 2022, hackers accessed GoDaddy's cPanel hosting servers and installed malware that redirected some customer websites to malicious sites intermittently. 

We don't have much information about the cause of the November 2021 incident, except that GoDaddy has said it involved a compromised password and took two months to discover. For the December 2022 malware breach, GoDaddy has not disclosed how it occurred. 

However, we do know that the March 2020 attack was initiated through a spear-phishing attack on a GoDaddy employee. While GoDaddy had initially described the incident as a social engineering attack, one of their affected customers actually spoke directly to one of the hackers involved. 

GoDaddy is a company with around 7,000 employees and an additional 3,000 workers through outsourcing firms in India, the Philippines, and Colombia. 

When employees log in to company resources online, many companies require them to use a one-time password along with their regular username and password. This password can be sent via SMS or generated by an app. But this type of security measure can be easily bypassed by phishing attacks that ask for a one-time password along with the regular password. 

However, using physical security keys is a multi-factor option that is resistant to advanced phishing scams. These keys are inexpensive USB devices that implement Universal 2nd Factor (U2F) multi-factor authentication. 

Physical security keys are small devices that can help protect your online accounts from being hacked. When you log in to your account, you have to insert the key and press a button on it to complete the login process. This makes it hard for hackers to steal your password or trick you into giving it away. Even if you accidentally go to a fake website, the security key won't work and your account will stay safe.
Read more »
Subscribe to: Posts (Atom)