June 10, 2024

Snowflake’s customer breaches make 2024 the year of the identity siege

By Cloud Syndicate


Identities are best-sellers on the dark web, proving to be the fuel that drives billions of dollars of fraud every year. Breaches at Santander, TicketMaster, Snowflake, and most recently, Advanced Auto Parts, LendingTree, and its subsidiary QuoteWizard show how quickly attackers refine their tradecraft to prey on organizations’ security weaknesses. TechCrunch has verified that hundreds of Snowflake customer passwords found online are linked to information-stealing malware. Snowflake’s decision to make multi-factor authentication (MFA) optional instead of required contributed in part to the siege of identities their breached customers are experiencing today.

Cybercrime gangs, organizations and nation-states are so confident in their ability to execute identity breaches that they’re allegedly interacting with cybercrime intelligence providers over Telegram to share the details. The latest incident that reflects this growing trend involves cybercrime intelligence provider Hudson Rock, which published a blog post on May 31 detailing how threat actors successfully breached Snowflake and claimed to have had a Telegram conversation with the threat actor who also breached Santander Bank and TicketMaster.

Their blog post, since taken down, explained how the threat actor was able to sign into a Snowflake employee’s ServiceNow account using stolen credentials to bypass Okta. Once inside Snowflake’s systems, the blog post alleges, attackers generated session tokens that enabled them to move through Snowflake’s systems undetected and exfiltrate massive amounts of data.

Single-factor authentication is an attack magnet

Snowflake configures its platform with single-factor authentication by default. Their documentation states that “by default, MFA is not enabled for individual Snowflake users. If you wish to use MFA for a more secure login, you must enroll using the Snowflake web interface.” CrowdStrike, Mandiant and Snowflake found evidence of a targeted campaign directed at users who have single-factor authentication enabled. According to a June 2nd community forum update, threat actors are “leveraging credentials previously purchased or obtained through infostealing malware.” CISA has also issued an alert for all Snowflake customers.

Snowflake, CrowdStrike and Mandiant found that the attackers had obtained a former Snowflake employee’s personal credentials to access demo accounts. The demo accounts didn’t contain sensitive data and weren’t connected to Snowflake’s production or corporate systems. Access happened because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems. Snowflake’s latest community forum update claims there’s no evidence suggesting the customer breaches are caused by a vulnerability, misconfiguration or breach of Snowflake’s platform.
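As an added illustration (not code from the article, VentureBeat or Snowflake), the sketch below shows the kind of audit a customer could run for the exposure described above: list enabled accounts that still have a password and no MFA, then pair each with the source IPs of its successful password-only logins. The field names are assumed to follow Snowflake's ACCOUNT_USAGE USERS and LOGIN_HISTORY views, and every row is constructed sample data.

```python
from collections import defaultdict

# Constructed rows shaped like Snowflake's ACCOUNT_USAGE.USERS view (assumed field names).
USERS = [
    {"name": "ALICE",    "has_password": True,  "ext_authn_duo": True,  "disabled": False},
    {"name": "ETL_SVC",  "has_password": True,  "ext_authn_duo": False, "disabled": False},
    {"name": "DEMO_OLD", "has_password": True,  "ext_authn_duo": False, "disabled": False},
    {"name": "BOB",      "has_password": False, "ext_authn_duo": False, "disabled": False},  # SSO only
    {"name": "CAROL",    "has_password": True,  "ext_authn_duo": False, "disabled": True},
]

# Constructed rows shaped like ACCOUNT_USAGE.LOGIN_HISTORY:
# (user_name, client_ip, first_factor, second_factor, is_success).
# IPs come from documentation ranges; the "DUO" second-factor value is a placeholder.
LOGINS = [
    ("ALICE",    "192.0.2.10",   "PASSWORD",        "DUO", "YES"),
    ("ETL_SVC",  "198.51.100.7", "PASSWORD",        None,  "YES"),
    ("ETL_SVC",  "203.0.113.44", "PASSWORD",        None,  "YES"),
    ("ETL_SVC",  "203.0.113.99", "PASSWORD",        None,  "NO"),   # failed attempt
    ("DEMO_OLD", "203.0.113.44", "PASSWORD",        None,  "YES"),
    ("BOB",      "192.0.2.20",   "SAML2_ASSERTION", None,  "YES"),
]

def password_only_users(users):
    """Enabled accounts that can log in with a password and have no MFA enrolled."""
    return sorted(u["name"] for u in users
                  if u["has_password"] and not u["ext_authn_duo"] and not u["disabled"])

def single_factor_logins(logins):
    """Map user -> source IPs of successful password logins with no second factor."""
    seen = defaultdict(set)
    for user, ip, first, second, ok in logins:
        if ok == "YES" and first == "PASSWORD" and second is None:
            seen[user].add(ip)
    return {user: sorted(ips) for user, ips in seen.items()}

def audit(users, logins):
    """Pair each password-only account with the IPs it has actually been used from."""
    used = single_factor_logins(logins)
    return [(name, used.get(name, [])) for name in password_only_users(users)]

if __name__ == "__main__":
    for name, ips in audit(USERS, LOGINS):
        print(f"{name}: no MFA, password-only logins from {ips or 'none recorded'}")
```

An IP that appears against several unrelated password-only accounts, as 203.0.113.44 does in this sample, is the pattern worth reviewing first.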

Tens of millions are facing an identity security nightmare

Up to 30 million Santander banking customers’ credit card and personal data were exfiltrated in one of the largest breaches in the bank’s history. Five hundred sixty million TicketMaster customers also had their data exfiltrated during a separate breach targeting the entertainment conglomerate. The stolen data set includes customer names, addresses, emails, phone numbers, and credit card details. Threat actors ShinyHunters took to the revived BreachForums hacking forum the FBI had previously shut down, offering 560 million TicketMaster customers’ data for $500,000…

Read full source: VentureBeat

By Louis Columbus
