Cloud computing and analytics firm Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign.
"We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake's platform," the company said in a joint statement together with CrowdStrike and Google-owned Mandiant.
"We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel."
It further said the activity is directed against users with single-factor authentication, with the unidentified threat actors leveraging credentials previously purchased or obtained through information-stealing malware.
"Threat actors are actively compromising organizations' Snowflake customer tenants by using stolen credentials obtained by infostealing malware and logging into databases that are configured with single factor authentication," Mandiant CTO Charles Carmakal said in a post on LinkedIn.
Snowflake is also urging organizations to enable multi-factor authentication (MFA) and limit network traffic to trusted locations only.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in an alert issued on Monday, recommended organizations follow the guidance outlined by Snowflake to hunt for signs of unusual activity and take steps to prevent unauthorized user access.
A similar advisory from the Australian Signals Directorate's Australian Cyber Security Centre (ACSC) warned of "successful compromises of several companies utilising Snowflake environments."
Some of the indicators include malicious connections originating from clients identifying themselves as "rapeflake" and "DBeaver_DBeaverUltimate."
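The client-name indicators above, together with Snowflake's advice to enforce MFA and restrict network traffic to trusted locations, can be turned into a simple triage pass over login records. The following is an added example, not Snowflake's or the advisories' own hunting query: the field names are assumptions modelled on the columns of Snowflake's ACCOUNT_USAGE login-history and session views, and the records and the trusted network range are constructed for the example.

```python
import ipaddress

# Client application strings the advisories list as indicators (matched case-insensitively).
SUSPICIOUS_CLIENTS = ("rapeflake", "dbeaver_dbeaverultimate")

# Constructed allowlist standing in for the ranges an org would put in its Snowflake network policy.
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample records. Field names are assumptions modelled on Snowflake's
# ACCOUNT_USAGE LOGIN_HISTORY / SESSIONS columns; they are not real log data.
SAMPLE_LOGINS = [
    {"user_name": "ANALYST1", "client_ip": "203.0.113.10", "client_application_id": "SnowSQL 1.2.9",
     "first_authentication_factor": "PASSWORD", "second_authentication_factor": "DUO_PUSH", "is_success": "YES"},
    {"user_name": "ETL_SVC", "client_ip": "198.51.100.7", "client_application_id": "rapeflake",
     "first_authentication_factor": "PASSWORD", "second_authentication_factor": None, "is_success": "YES"},
    {"user_name": "ANALYST2", "client_ip": "198.51.100.9", "client_application_id": "DBeaver_DBeaverUltimate",
     "first_authentication_factor": "PASSWORD", "second_authentication_factor": None, "is_success": "NO"},
    {"user_name": "ANALYST3", "client_ip": "203.0.113.22", "client_application_id": "JDBC 3.13.30",
     "first_authentication_factor": "PASSWORD", "second_authentication_factor": None, "is_success": "YES"},
]


def _from_trusted_network(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def triage_logins(records):
    """Return (user_name, reasons) for every record that deserves analyst review."""
    findings = []
    for rec in records:
        reasons = []
        client = (rec.get("client_application_id") or "").lower()
        # A known-bad client string is worth a look even when the login attempt failed.
        if any(ioc in client for ioc in SUSPICIOUS_CLIENTS):
            reasons.append("known-bad client string")
        if rec.get("is_success") == "YES":
            # Password with no second factor is exactly the population the campaign targets.
            if rec.get("first_authentication_factor") == "PASSWORD" and not rec.get("second_authentication_factor"):
                reasons.append("password-only login (no MFA)")
            # A network policy would have blocked this; without one, flag it.
            if not _from_trusted_network(rec["client_ip"]):
                reasons.append("login from outside trusted networks")
        if reasons:
            findings.append((rec["user_name"], reasons))
    return findings


if __name__ == "__main__":
    for user, reasons in triage_logins(SAMPLE_LOGINS):
        print(user, "->", "; ".join(reasons))
```

The password-only finding also doubles as an inventory of accounts that still need MFA enabled, independent of whether they have been touched.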
The development comes days after the company acknowledged that it has observed a spike in malicious activity targeting customer accounts on its cloud data platform.
While a report from cybersecurity firm Hudson Rock previously implied that the breaches of Ticketmaster and Santander Bank may have stemmed from threat actors using a Snowflake employee's stolen credentials, it has since been taken down, citing a letter it received from Snowflake's legal counsel.
It is currently not known how the two companies – which are both Snowflake customers – had their information stolen. ShinyHunters, the persona who claimed responsibility for the twin breaches on the now-resurrected BreachForums, told DataBreaches.net that Hudson Rock's explanation was incorrect and that it is "disinformation."
"Infostealers are a significant problem — it has long since outpaced botnets etc. in the real world — and the only real solution is strong multi-factor authentication," independent security researcher Kevin Beaumont said. It is believed that a teen crime group is behind the incident.