Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers

June 4, 2024 at 07:06AM

Snowflake, in collaboration with CrowdStrike and Mandiant, has reported a targeted campaign against a limited number of its customers. The company recommends enabling multi-factor authentication and limiting network traffic to trusted locations to prevent unauthorized access. U.S. CISA and ACSC issued alerts, and organizations are advised to look for signs of unusual activity.

The key takeaways are as follows:

– Snowflake, in collaboration with CrowdStrike and Mandiant, has detected targeted activity against a limited number of its customers, involving compromised credentials and infostealing malware.
– The threat actors are exploiting single-factor authentication and accessing databases of organizations’ Snowflake customer tenants.
– Snowflake is advising organizations to enable multi-factor authentication (MFA) and allow network traffic only from trusted locations to mitigate the risk.
– Both U.S. and Australian cybersecurity agencies have issued alerts regarding the successful compromises of companies using Snowflake environments.
– It was implied that the breaches of Ticketmaster and Santander Bank may have been connected to threat actors using a Snowflake employee’s stolen credentials, although this has been disputed.
– Independent security researchers have highlighted infostealers as a significant problem and recommended robust multi-factor authentication.
