Skip to main content
banner image
venafi logo

GoDaddy Breach Compromises SSH Credentials. Are These Attacks Becoming More Common?

GoDaddy Breach Compromises SSH Credentials. Are These Attacks Becoming More Common?

go daddy ssh breach
May 6, 2020 | Emil Hanscom


Secure Shell (SSH) provides an authenticated connection between two machines, enabling encrypted data communications and remote command execution.
 

SSH machine identities, also known as SSH keys, control workloads running in cloud computing environments, data center operations, critical infrastructure, VPN connections and more. In addition, SSH keys provide privileged access to critical systems like servers and databases.



 

SSH keys are incredibly lucrative targets for attackers and they are often involved in data breaches. In early May, popular online hosting company, GoDaddy, announced they were hit by a data breach that impacted 28,000 users’ SSH credentials. The breach took place in October 2019, and GoDaddy sent affected customers the following message:


We recently identified suspicious activity on a subset of our servers and immediately began an investigation. The investigation found that an unauthorized individual had access to your login information used to connect to SSH on your hosting account.”

 

“This breach underlines just how important SSH security is,” says Yana Blachman, threat intelligence specialist at Venafi. “SSH is used to access an organization’s most critical assets, so it’s vital that organizations stick to the highest security level of SSH access and disable basic credential authentication and use machine identities instead.”
 

Blachman recently analyzed a variety of malware campaigns to see how bad actors used SSH in their attacks. Until recently, only the most sophisticated, well-financed Advanced Persistent Threats (APT) were using SSH. Now, it seems that there is a ‘trickle-down’ effect, where SSH capabilities are becoming part of “off-the-shelf” commodity malware.
 

As SSH attacks and data breaches become more common, organizations must protect themselves. “This involves implementing strong private-public key cryptography to authenticate a user and a system,” continues Yana. “Alongside this, organizations must have visibility over all their SSH machine identities in use across the datacenter and cloud, and automated processes in place to change them. SSH automates control over all manner of systems, and without full visibility into where they’re being used, cyber attackers will continue to target them.”
 

How do you protect against SSH abuse?



 

Related posts

Like this blog? We think you will love this.
how ssh works
Featured Blog

How Secure Shell (SSH) Keys Work

How it works SSH is a type of network protocol that creates a cryptographically secure

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Emil Hanscom
Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more