
Lessons from the Snowflake Breaches

Last week, the notorious hacker group ShinyHunters sent shockwaves around the globe by allegedly stealing 1.3 terabytes of data belonging to 560 million users. This colossal breach, offered for sale at a price tag of $500,000, could expose the personal information of a large swath of a live events company's clientele, igniting a firestorm of concern and outrage.

Let's review the facts: two large organizations announced that they suffered a data breach after identifying unauthorized activity within a third-party cloud database environment. The accessed data contained critical information on some employees, a large number of customers and other key business records.

The cloud connection

What might link these two breaches is the cloud data company Snowflake, which counts both organizations among its customers. Snowflake published a warning jointly with CISA, indicating a "recent increase in cyber threat activity targeting customer accounts on its cloud data platform." Snowflake recommended that customers query their login and query logs for unusual activity and conduct further analysis to prevent unauthorized user access.

In a separate communication, Snowflake CISO Brad Jones was clear that the Snowflake platform itself was not breached. According to Jones, "this appears to be a targeted campaign directed at users with single-factor authentication," and the threat actors leveraged credentials previously obtained through various means.

Snowflake also listed recommendations for all customers: enforce multi-factor authentication (MFA) on all accounts, set up network policy rules that allow access to the cloud environment only from pre-approved trusted locations, and reset and rotate Snowflake credentials.
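The log review Snowflake asked for boils down to two questions: which successful logins used a password and nothing else, and which source addresses were working through a list of usernames. The following is an added example, not Snowflake's own tooling; in practice the rows would come from a query over the SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view, and the dict keys mirror that view's column names. The trusted network ranges are an assumption, and every sample row is constructed for the example.

```python
"""Audit login history for the pattern behind the campaign: password-only
logins from networks the organization does not own, and one source IP trying
many different usernames (the signature of credential stuffing).

Added example, not Snowflake's own tooling. Row keys mirror columns of the
SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view; the trusted networks are an
assumption and every sample row is constructed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the organization's egress ranges (the "trusted locations" a
# Snowflake network policy would allow).
TRUSTED_NETWORKS = [ip_network("10.20.0.0/16"), ip_network("203.0.113.0/24")]


def _row(user, ip, first, second, ok):
    return {"USER_NAME": user, "CLIENT_IP": ip,
            "FIRST_AUTHENTICATION_FACTOR": first,
            "SECOND_AUTHENTICATION_FACTOR": second, "IS_SUCCESS": ok}


# Constructed sample data: one MFA login, two password-only logins (one from
# an untrusted address), one key-pair service login, and five failed password
# attempts against different users from the untrusted address.
SAMPLE_LOGINS = [
    _row("ALICE", "10.20.0.15", "PASSWORD", "DUO_PUSH", "YES"),
    _row("BOB", "198.51.100.7", "PASSWORD", None, "YES"),
    _row("CAROL", "203.0.113.9", "PASSWORD", None, "YES"),
    _row("SVC_ETL", "10.20.5.2", "RSA_KEYPAIR", None, "YES"),
] + [_row(f"USER{i}", "198.51.100.7", "PASSWORD", None, "NO") for i in range(5)]


def is_trusted(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def password_only_successes(rows):
    """Successful logins where a password was the only factor. Key-pair, SSO
    and OAuth logins carry a different first factor and are not counted."""
    return [r for r in rows
            if r["IS_SUCCESS"] == "YES"
            and r["FIRST_AUTHENTICATION_FACTOR"] == "PASSWORD"
            and not r["SECOND_AUTHENTICATION_FACTOR"]]


def untrusted_password_only_successes(rows):
    """The high-priority subset: single-factor logins from outside the
    organization's networks, which is what a replayed stolen password looks like."""
    return [r for r in password_only_successes(rows)
            if not is_trusted(r["CLIENT_IP"])]


def spraying_sources(rows, min_distinct_users=5):
    """Source IPs that touched at least min_distinct_users accounts, success
    or failure: a leaked credential list replayed from one exit node."""
    users_per_ip = defaultdict(set)
    for r in rows:
        users_per_ip[r["CLIENT_IP"]].add(r["USER_NAME"])
    return {ip: len(users) for ip, users in users_per_ip.items()
            if len(users) >= min_distinct_users}


def audit(rows, min_distinct_users=5):
    return {
        "no_mfa_success": [r["USER_NAME"] for r in password_only_successes(rows)],
        "untrusted_no_mfa_success": [r["USER_NAME"] for r in untrusted_password_only_successes(rows)],
        "spraying_ips": spraying_sources(rows, min_distinct_users),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOGINS).items():
        print(f"{key}: {value}")
```

Failed attempts count toward the spraying threshold on purpose: by the time a stuffing run produces its first success, the same exit node has usually already failed against many other accounts, and that history is what distinguishes it from a single user on a VPN.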


Simplifying cybersecurity

We tend to romanticize cybersecurity, and it is indeed an incredibly difficult and complex discipline within IT. However, not all cybersecurity challenges are equally hard. The guidance provided by Snowflake makes exactly this point: MFA is a must. It is a highly effective control against a wide range of attacks, including credential stuffing, because a password harvested months ago is worthless on its own if a second factor is required.

Research by the cloud security company Mitiga claims the Snowflake incidents are part of a campaign in which a threat actor uses stolen customer credentials to target organizations running Snowflake databases. According to the published research, "the threat actor primarily exploited environments lacking two-factor authentication," and the attacks typically originated from commercial VPN IP addresses.

Policies are only as effective as their implementation and enforcement. Technologies like corporate single sign-on (SSO) and MFA can be in place yet not actually enforced across all environments and users. There should be no path by which a user can still authenticate with a username and password outside of SSO to reach any corporate resource. The same holds for MFA: instead of self-enrollment, it should be mandatory for all users across all systems and all environments, including cloud and third-party services.

Are you in full management?

There is no cloud, it's just someone else's computer, as the old saying goes. And while you (and your organization) enjoy extensive access to that computer's resources, that access is ultimately not complete, a limitation inherent to cloud computing. Multi-tenant cloud technologies achieve economies of scale by limiting what a single customer can do on that "computer", and that sometimes includes the ability to enforce security controls.


A case in point is automated password rotation. Modern privileged access management tools like One Identity Safeguard can rotate a password after each use. This makes passwords effectively single-use, which defeats credential stuffing (the attack depends on a previously leaked password still being valid) and also blunts more sophisticated threats like keyloggers, which were used in the LastPass hack. However, the API that provides this capability needs to exist on the platform. Snowflake does provide an interface to update user passwords, so it was up to the customer to use it and rotate passwords on a usage-based or time-based schedule.

When choosing where to host business-critical data, make sure the platform exposes these APIs for privileged identity management and allows you to bring the new environment under your corporate security umbrella. MFA, SSO, password rotation and centralized logging should all be basic requirements in this threat landscape, as these features allow the customer to protect the data on their end.
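What usage-based rotation looks like in code, as an added example (not One Identity Safeguard's or Snowflake's own implementation): the password is replaced the moment a session ends, so the copy an attacker may already hold stops working. It assumes a DB-API style cursor such as the one the Snowflake Python connector returns, and issues Snowflake's ALTER USER ... SET PASSWORD statement; a recording cursor stands in for a live connection so the flow runs offline. The time-based check is included for the second schedule the text mentions.

```python
"""Usage-based and time-based password rotation for a Snowflake user.

Added example, not One Identity Safeguard's or Snowflake's own code. Assumes
a DB-API style cursor (the Snowflake Python connector provides one) and uses
the ALTER USER ... SET PASSWORD statement. RecordingCursor replaces a live
connection so the example runs offline.
"""
import secrets
import string
from contextlib import contextmanager
from datetime import datetime, timedelta

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


def generate_password(length: int = 32) -> str:
    """Random password from the OS CSPRNG. The retry loop guarantees an
    upper-case letter, a lower-case letter and a digit (assumption:
    Snowflake's default password rules apply to the account)."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def rotate_password(cursor, user: str, new_password: str = "") -> str:
    """Set a new password and return it so the vault can store it. The
    identifier is double-quoted and the literal single-quoted, with embedded
    quotes doubled, so neither value can alter the statement."""
    new_password = new_password or generate_password()
    ident = '"' + user.replace('"', '""') + '"'
    literal = "'" + new_password.replace("'", "''") + "'"
    cursor.execute(f"ALTER USER {ident} SET PASSWORD = {literal}")
    return new_password


@contextmanager
def single_use_session(cursor, user: str):
    """Usage-based rotation: the password is replaced when the block ends,
    whether the work succeeded or raised, so the one just used cannot be
    replayed from a leaked dump or a keylogger capture."""
    try:
        yield cursor
    finally:
        rotate_password(cursor, user)


def needs_time_based_rotation(last_rotated_iso: str, max_age_days: int, now_iso: str) -> bool:
    """Time-based policy: True once the credential is older than max_age_days."""
    last = datetime.fromisoformat(last_rotated_iso)
    now = datetime.fromisoformat(now_iso)
    return now - last >= timedelta(days=max_age_days)


class RecordingCursor:
    """Stand-in for a connector cursor: records SQL instead of sending it."""

    def __init__(self):
        self.statements = []

    def execute(self, sql: str):
        self.statements.append(sql)


if __name__ == "__main__":
    cur = RecordingCursor()
    with single_use_session(cur, "ETL_LOADER") as c:
        c.execute("SELECT COUNT(*) FROM ORDERS")
    print(cur.statements)
```

The rotation runs in a finally block deliberately: a job that crashes halfway is exactly the one whose credential is most likely to be left lying in a log or a core dump, so it must still be retired.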

The non-human id

One distinctive aspect of modern technology is the non-human identity as a threat vector. For example, RPA (robotic process automation) tools and service accounts are trusted to perform tasks on the database. Protecting these identities is an interesting challenge, as out-of-band mechanisms like push notifications or TOTP tokens are not feasible for service account use cases.


Non-human accounts are valuable targets for attackers, as they usually hold very powerful permissions in order to perform their tasks. Protecting their credentials should always be a priority for security teams. Snowflake itself uses a multitude of service accounts to operate the platform, and has published a series of blog posts on how to protect these accounts and their credentials.
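Since a second factor is not available to a bot, the practical substitute is a tight baseline per non-human identity: which first factor it uses (a key pair held by the workload rather than a reusable password), which network it egresses from, and which client library it is built on. The following is an added example, not from Snowflake's blog series; it audits constructed login rows (keys modelled on the LOGIN_HISTORY view) against such a baseline registry. The registry, the SVC_ naming convention and all sample rows are assumptions made for the example.

```python
"""Guardrails for non-human identities, where a push or TOTP second factor is
not an option: each service account gets an explicit baseline and every
successful login that departs from it is reported for follow-up.

Added example, not from Snowflake's blog series. Row keys mirror columns of
the LOGIN_HISTORY view; the baseline registry, the SVC_ naming convention,
account names and all sample rows are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Baseline:
    first_factor: str   # "RSA_KEYPAIR": a private key held by the workload, not a reusable password
    network: str        # CIDR the workload egresses from
    client_type: str    # driver the workload is built on


# Assumption: inventory of non-human identities and how each is expected to log in.
BASELINES = {
    "SVC_ETL": Baseline("RSA_KEYPAIR", "10.20.5.0/24", "PYTHON_DRIVER"),
    "SVC_RPA": Baseline("RSA_KEYPAIR", "10.30.0.0/16", "JDBC_DRIVER"),
}


def _row(user, ip, client, first, ok):
    return {"USER_NAME": user, "CLIENT_IP": ip, "REPORTED_CLIENT_TYPE": client,
            "FIRST_AUTHENTICATION_FACTOR": first, "IS_SUCCESS": ok}


# Constructed sample data: a normal ETL run, the same account used interactively
# with a password from an outside address, an RPA bot still on a password, a
# failed attempt (ignored), and a service account nobody registered.
SAMPLE_LOGINS = [
    _row("SVC_ETL", "10.20.5.2", "PYTHON_DRIVER", "RSA_KEYPAIR", "YES"),
    _row("SVC_ETL", "198.51.100.7", "SNOWFLAKE_UI", "PASSWORD", "YES"),
    _row("SVC_RPA", "10.30.1.9", "JDBC_DRIVER", "PASSWORD", "YES"),
    _row("SVC_RPA", "198.51.100.7", "OTHER", "PASSWORD", "NO"),
    _row("SVC_REPORTS", "10.40.0.3", "ODBC_DRIVER", "PASSWORD", "YES"),
]


def deviations(row, baseline: Baseline) -> list:
    """One tag for each way a login departs from its account's baseline."""
    tags = []
    if row["FIRST_AUTHENTICATION_FACTOR"] != baseline.first_factor:
        tags.append("factor")
    if ip_address(row["CLIENT_IP"]) not in ip_network(baseline.network):
        tags.append("network")
    if row["REPORTED_CLIENT_TYPE"] != baseline.client_type:
        tags.append("client")
    return tags


def audit_service_accounts(rows, baselines=BASELINES, prefix="SVC_"):
    """Successful logins by service accounts (assumption: a naming prefix
    identifies them) that deviate from their baseline or have none at all."""
    findings = []
    for row in rows:
        if row["IS_SUCCESS"] != "YES" or not row["USER_NAME"].startswith(prefix):
            continue
        baseline = baselines.get(row["USER_NAME"])
        if baseline is None:
            findings.append((row["USER_NAME"], row["CLIENT_IP"], ["unregistered"]))
            continue
        tags = deviations(row, baseline)
        if tags:
            findings.append((row["USER_NAME"], row["CLIENT_IP"], tags))
    return findings


if __name__ == "__main__":
    for user, ip, tags in audit_service_accounts(SAMPLE_LOGINS):
        print(f"{user} from {ip}: {', '.join(tags)}")
```

The "unregistered" finding is as important as the others: a service account with no owner and no baseline is one nobody will notice being used, and the registry doubles as the inventory the text says security teams should maintain.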

It is all about the price

Cybercriminals follow brutally simple logic: maximize profit by automating mass attacks and targeting large pools of victims with simple but effective methods. Credential stuffing, the type of attack used against Snowflake tenants, is among the cheapest attack methods, the 2024 equivalent of email spam. And in keeping with its low cost, it should be almost 100% ineffective. The fact that at least two major organizations lost a significant amount of critical data to it paints a bleak picture of the current state of global cybersecurity.

Conclusion

By implementing simple controls like SSO, MFA and password rotation, the cost of large-scale attacks becomes prohibitive. While this does not mean targeted attacks will never succeed, or that advanced persistent threats (APTs) that are not profit-motivated will be completely deterred, it does make mass attacks through this vector unfeasible, making everyone a bit safer.
