LayerX Security’s Post

On one hand, I'm sure there could be things that Snowflake does to either mitigate or make these attacks easier, but they wouldn't have happened if the customer wasn't compromised first. On the other, note the section in the article on how a user apparently can't set a policy to require company-wide use of #MFA it must be enabled account-by-account. Why is that? I'd assign the majority of blame to the customers, but Snowflake certainly gets a share. Carry on... https://lnkd.in/gSfgF7_c #auguryit #cysec

UNC5537 observed using stolen credentials to target organizations utilizing Snowflake databases. The threat actor is using a custom attack tool to target Snowflake environments that primarily lack two-factor authentication (2FA).

Is it time to rethink the risk / benefit ratio of moving critical business data to the cloud? I think it boils down to two questions. 1. Can you implement your cloud hosted data in such a way the when it is breached, it is basically unusable. Think only hosting hashed PII info outside your local network. It’s still highly valuable business data but it doesn’t put your customer at risk. 2. How much data do you really need to store outside of your full control? Do your data volumes and access needs really necessitate the cost, complexity, and risk of being not just Cloud First but Cloud Only?

Supply chain and third party attacks will continue to be one of the biggest vectors for attack against any organisation. Even if you are not targeted directly, you may end up collateral damage; while this story continues to unfold, it is a continuing cautionary tale to ensure you have amazing supply chain risk management in place...You cannot outsource accountability, and it's incumbent on us all to ensure good controls...

https://lnkd.in/d5a5fDDD An interesting state of affairs and what looks like a breach of staggering proportions. A carefully crafted notification that does not (perhaps intentionally) mention the misuse of credentials by other trusted third parties i.e. other than snowflake personnel or end users. The notification does not cover a scenario where TAs may have trojanised an admins machine and ridden in on the back of an authenticated remote access session. So important to fully protect endpoints and use PAM. Important to see how this develops.

Snowflake’s Data Leak: Why Honesty Matters Recently, Snowflake had a data leak. This kind of thing is a big risk for any business, but trying to hide it is even riskier. Here’s why we should be honest: 1. Trust: Customers need to know we’re taking care of their data. Being upfront helps keep their trust. 2. Learning: Admitting mistakes means we can fix them and get better. 3. Rules: There are laws about reporting breaches. Not following them can get us in trouble. At Snowflake and everywhere else, it’s super important to prevent data breaches and be honest when they happen. Trying to cover up a breach can do more damage in the long run. Let’s push for better data protection and a culture of honesty. #DataSecurity #Honesty #Snowflake #DataBreach #Trust

Good Lord...below is why Xiid says PLEASE let us show you how to become 100% credential-less so what happened to Snowflake wont happen to you. Can we set up a meeting to review and show you how? Newest Snowflake Info: A threat actor has accessed data belonging to at least 165 organizations using valid credentials to their Snowflake accounts, thanks to no MFA and poor password hygiene. https://lnkd.in/eDZSDzGG

Have you ever wondered about the difference between #dataleaks and #databreaches? 😵 Well, you’re not alone! Our latest blog post is here to help you sort through the confusion! (TLDR: It doesn't matter which one you're facing, Flow's got you covered for both). Read now to learn: ➡ Definitions of data leaks and data breaches ➡ The distinctions between the two ➡ Common causes of each ➡ Strategies to minimize the risk of both ➡ How Flow’s runtime approach detects and prevents both from happening >> https://lnkd.in/dhtBm9nY