THE TIBERIUM BLOG - recent events, threats, and all things cyber

The Number Of The Beast

777 cyber incidents supported by the UK NCSC in the past 12 months 

Last week the UK National Cyber Security Centre (NCSC, part of GCHQ) released its annual review, and very interesting reading it makes.

With every passing year, the ‘hands on’ services of the NCSC increasingly support both the public and private sectors. The NCSC announced that this year it offered wrap-around support for ‘777 cyber incidents, including attacks on coronavirus vaccine research, distribution, and supply chains’, no less than 20 percent of which were targeted at the healthcare sector.

On behalf of the NHS alone, the Active Cyber Defence programme has taken down 2.3 million cyber-enabled commodity campaigns, 442 phishing campaigns using NHS branding, and 80 illegitimate NHS apps hosted and available to download outside of official app stores.

Nation-state and organised crime activity against health services during a pandemic? To our mind these are very serious crimes which require global, regional, let alone national, support. It can only be a matter of time before treaties like SALT3 include cyber activity. The sooner the better!

Hats off to the NCSC who are really good people doing great work in a very tough environment. Thank you. 

We have all heard of, and most of us use the services of, the biggest domain registrar and web hosting company, GoDaddy, which has been growing and growing since 1999 (mostly) by acquisition since 1997 and now has more than 20 million customers and over 7,000 employees worldwide.

This week, GoDaddy reported a breach in which the details of 1.2 million Managed WordPress users have been exposed.

“Up to 1.2 million active and inactive Managed WordPress customers had their email addresses and customer numbers exposed. The third-party also gained access to the WordPress Admin password for these accounts, as well as the sFTP database username and password for active customers. For a “subset of active customers” the SSL private key was also exposed.” 

It turns out that the intrusion started on September 12th 2021 and has spread to these GoDaddy brands: 

The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action. 

If you use the services of any of these brands, or have dormant registrations for your private or business sites, we recommend the following (even if you have heard from the GoDaddy brand): 

  • Request details of what information was breached from your provider 
  • Review all GoDaddy accounts for any suspicious activity: Logins, admin details or billing detail changes. 
  • Change all passwords for GoDaddy accounts to minimise the risk of unauthorised access. 
  • Migrate to a static WordPress hosting solution. 
  • Closely monitor any credit cards or bank accounts tied to a GoDaddy Account. 
  • Freeze or close any financial accounts that may have been compromised. 
  • Do not provide any personal or otherwise sensitive information in response to an email purportedly sent by GoDaddy. 
  • If you have been seriously impacted and are in the USA, contact a GoDaddy data breach lawyer because a class action lawsuit is inevitable.

As part of our ongoing commitment to gathering data for threat intelligence purposes, we would very much appreciate any reports of real impact on our customers’ sites. Please use the regular Microsoft Teams channels to contact us.

Tiberium can offer consultancy services to help you determine your exposure to this breach. Please contact us if you need assistance, and please do not underestimate the potential outcomes for your business or personal online security.

If you are a Tiberium MYTHIC customer and use the registration services of these brands, we will factor this into our regular threat hunting activities and report back to you as usual.

If you are not yet a Tiberium managed services customer, we would very much like to share our vision, capabilities and success stories with you. Our FROST and MYTHIC services are at the leading edge of innovation, automation and measurable value. Please contact us. We have moved to new offices in Holborn and would love the opportunity to meet you in person at ours, yours, or even online. 


And so we come to the song. The Number Of The Beast is from Iron Maiden’s studio album of the same name, released in 1982. It was apparently inspired by the Omen film and the poem Tam o’ Shanter by Robert Burns, published in 1791.

Tam faces his dangers by hitting the bottle hard. Times change, contact us first:

Inspiring bold John Barleycorn

What dangers thou canst make us scorn! 

Wi’ tippenny, we fear nae evil; 

Wi’ usquabae, we’ll face the devil! 

The Number Of The Beast is, of course, 666. Allowing for daemonic inflation, we think the NCSC’s 777 incident engagements in the last year are a fantastic contribution to the power of good.

Source of Information: GoDaddy Data Breach: What Does This Mean for Customers? What Can You Do About It? | Console and Associates, P.C. – JDSupra
