Snowflake’s infostealing malware incident

June 7th — Since Australian authorities sounded the alarm last week, cloud storage and data analysis company Snowflake has been at the center of a data theft debacle. Evidently, cyber criminals successfully compromised several businesses that depend on Snowflake environments.

Via the cyber breaches, criminals allegedly obtained records belonging to major organizations, from big banks, to pharmaceutical conglomerates, to a food delivery service, to a public-run freshwater supplier, among other groups.

What happened

Experts believe that cyber criminals gained access to customer systems through credentials that were previously purchased or otherwise obtained via infostealing malware.

While Snowflake does manage data on behalf of its customers, the company also allows each customer to manage the security of their own environment. It does not automatically enroll its customers in multi-factor authentication (MFA), nor does it require them to apply it.

The lack of MFA directly enabled cyber criminals to extract tremendous quantities of data from a handful of Snowflake client systems. In addition, one of the company’s own “demo” accounts was compromised due to a failure to apply basic security measures.

Snowflake’s response

In a brief statement, Snowflake conceded that unauthorized access to a “limited number” of customer accounts may have occurred. According to the company, no direct breach of systems has been found.

At present, hundreds of Snowflake customer credentials appear to be swirling around on the dark web. As a result, the risk of Snowflake customer account compromises may be quite substantial.

Snowflake has advised customers to immediately apply multi-factor authentication to their accounts. Those that aren’t enforcing MFA are at risk of compromise via simple attack types (password theft and reuse, for example).
