Snowflake Warns Targeted Credential Theft Campaign Hits Cloud Customers

Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign.

"We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake's platform," the company said in a joint statement along with CrowdStrike and Google-owned Mandiant.

"We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel."

It further said the activity is directed against users with single-factor authentication, with the unidentified threat actors leveraging credentials previously purchased or obtained through information-stealing malware.

"Threat actors are actively compromising organizations' Snowflake customer tenants by using stolen credentials obtained by infostealing malware and logging into databases that are configured with single factor authentication," Mandiant CTO Charles Carmakal said in a post on LinkedIn.

Snowflake is also urging organizations to enable multi-factor authentication (MFA) and limit network traffic only from trusted locations.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in an alert issued on Monday, recommended organizations follow the guidance outlined by Snowflake to hunt for signs of unusual activity and take steps to prevent unauthorized user access.

A similar advisory from the Australian Signals Directorate's Australian Cyber Security Centre (ACSC) warned of "successful compromises of several companies utilizing Snowflake environments."

Some of the indicators include malicious connections originating from clients identifying themselves as "rapeflake" and "DBeaver_DBeaverUltimate."

The development comes days after the company acknowledged that it has observed a spike in malicious activity targeting customer accounts on its cloud data platform.

While a report from cybersecurity firm Hudson Rock previously implied that the breach of Ticketmaster and Santander Bank may have stemmed from threat actors using a Snowflake employee's stolen credentials, it has since been taken down, citing a letter it received from Snowflake's legal counsel.

It's currently not known how the two companies, which are both Snowflake customers, had their information stolen. ShinyHunters, the persona who claimed responsibility for the twin breaches on the now-resurrected BreachForums, told DataBreaches.net that Hudson Rock's explanation was incorrect and that "it's disinformation."

"Infostealers are a significant problem, it has long since outpaced botnets etc in the real world, and the only real solution is robust multi-factor authentication," independent security researcher Kevin Beaumont said. It's believed that a teen crime group is behind the incident.
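The three signals reported above (the named client identifiers, single-factor logins, and connections from outside trusted locations) can be combined into one triage pass over exported login records. This is an added example, not code from Snowflake, CISA or the article; the record field names, the trusted range and the sample rows are constructed assumptions.

```python
import ipaddress
import json

# Client identifiers named in the advisory as indicators.
SUSPICIOUS_CLIENTS = {"rapeflake", "DBeaver_DBeaverUltimate"}
# Assumption: the organization's trusted egress range (a documentation range).
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample login records; the field names are hypothetical.
SAMPLE_LOGINS = [
    {"user": "etl_svc", "client_ip": "192.0.2.10", "second_factor": None,
     "client_environment": '{"APPLICATION": "PythonConnector"}'},
    {"user": "analyst1", "client_ip": "203.0.113.7", "second_factor": None,
     "client_environment": '{"APPLICATION": "rapeflake"}'},
    {"user": "analyst2", "client_ip": "198.51.100.4", "second_factor": "DUO_PUSH",
     "client_environment": '{"APPLICATION": "DBeaver_DBeaverUltimate"}'},
    {"user": "admin", "client_ip": "198.51.100.9", "second_factor": None,
     "client_environment": "not-json"},
]

def is_trusted(ip_text):
    """True only if the address parses and falls inside a trusted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETWORKS)

def client_application(raw):
    """Extract the self-reported application name; None if unparseable."""
    try:
        env = json.loads(raw)
    except (TypeError, ValueError):
        return None
    return env.get("APPLICATION") if isinstance(env, dict) else None

def triage(record):
    """Return the list of findings for one login record."""
    findings = []
    if client_application(record.get("client_environment")) in SUSPICIOUS_CLIENTS:
        findings.append("indicator_client")
    if not record.get("second_factor"):
        findings.append("single_factor")
    if not is_trusted(record.get("client_ip", "")):
        findings.append("untrusted_network")
    return findings

def hunt(records):
    """Map each user with at least one finding to those findings."""
    return {r["user"]: triage(r) for r in records if triage(r)}
```

The client name is self-reported and trivially changed, so a clean result on that check alone does not clear an account; the single-factor and network findings are the ones that map to the recommended mitigations.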