Intensifying Assaults Target Snowflake and Its Clientele
In the midst of a series of targeted cyber attacks, Snowflake, the data warehousing giant, is emphasizing the importance of Multi-Factor Authentication (MFA) for its customers. According to Snowflake's Chief Information Security Officer (CISO), Brad Jones, MFA remains central to the attacks on Snowflake customers.
Snowflake is actively communicating with its customers, advising them on how to best protect themselves by enabling MFA and implementing network access policies. The company is also incrementally blocking IP addresses associated with the cyber threat, giving priority to those with a high confidence level.
However, it's important to note that not all Snowflake customers are required to use MFA. The responsibility of managing and securing access credentials, including the implementation of security measures such as MFA, lies with the Snowflake clients themselves. The recent Scattered Spider cybercriminal campaigns underscore the need for strong access controls, but MFA is not mandatory for all Snowflake users by default.
Under Snowflake's shared responsibility model, customers are expected to enforce MFA with their users. Snowflake supports MFA via the Duo Security service.
The attacks, which appear to be directed at users with single-factor authentication, have been linked to a spree of identity-based intrusions that Snowflake first disclosed on Friday. The FBI advisory and related reports suggest that attackers have exploited weaknesses in client-side security, often impersonating IT help desk personnel to steal credentials.
Snowflake has not disclosed the exact number of customers impacted, but has described the incidents as affecting a "limited number of Snowflake customers." At least four major companies have reportedly been exposed by cyberattacks involving the theft of corporate information stored in Snowflake database environments.
As the investigation continues with assistance from CrowdStrike and Mandiant, Snowflake is informing customers it considers impacted and suspending certain user accounts where there are strong indicators of malicious activity.
Despite the ongoing cyber threats, Snowflake's Data Cloud Summit kicked off in San Francisco on Monday, and the company did not address or publicly comment on the identity-based attacks targeting its customers during the event. Snowflake is encouraging all its users, particularly those with account administrator privileges, to enable MFA.
While Snowflake is considering all options for MFA enablement, no final plans have been announced at this time. Snowflake urges its customers to maintain strong access controls and stay vigilant against potential threats.
- Snowflake emphasizes the importance of Multi-Factor Authentication (MFA) in the face of targeted cyber attacks, highlighting its significance in incident response strategies.
- The company is striving to bolster its customers' security by recommending the use of MFA, network access policies, and by blocking IP addresses related to the cyber threat.
- Despite MFA not being mandatory for all Snowflake users, the company encourages users to enforce it and supports MFA via the Duo Security service under its shared responsibility model.
- As Snowflake urges its customers to maintain strong access controls and stay vigilant, customers should be aware of the potential links between attacks on users with single-factor authentication and the privacy and finance-related concerns that follow.