Breach-Weary Snowflake Moves to MFA, 14-Character Passwords

Summary: Snowflake has implemented new security measures, including mandatory multifactor authentication and longer password requirements, following a series of cyberattacks that compromised high-profile customers. These changes aim to enhance security and prevent unauthorized access to customer data.

Threat Actor: UNC5537
Victim: Snowflake Customers

Key Points:

  • Snowflake’s new security measures include default multifactor authentication and a 14-character password minimum.
  • The attacks were attributed to credential stuffing, where attackers reused stolen username and password pairs.
  • Snowflake aims to eliminate password-only sign-ins to enhance account security.
  • Administrators can now enforce strong authentication and track credential theft and overprivileged accounts.
  • The company’s efforts align with the Cybersecurity and Infrastructure Security Agency’s Secure By Design Pledge.


New Security Measures Follow High-Profile Hacks of Snowflake Customers


Cloud-based data warehousing platform Snowflake has rolled out default multifactor authentication – as well as a 14-character password minimum – to shore up security in the wake of a series of cyberattacks in June that hit high-profile customers including Santander Bank, Advance Auto Parts, the Los Angeles Unified School District and luxury retailer Neiman Marcus.


Attackers compromised the Bozeman, Montana-based company’s third-party environment and used stolen credentials to steal from Snowflake customer tenants, download their files and demand $5 million in exchange for a promise to delete stolen data (see: Snowflake Hacking Spree Puts 165 Organizations at Risk).

The company on Friday announced new security measures related to authentication for accounts created in October, including MFA, longer passwords and no repeat passwords.

“Multifactor authentication will be enforced by default for all human users in any Snowflake account created in October 2024,” the company said, adding that the changes will help ensure the platform is “more secure by default,” with a goal of eliminating “password-only sign-ins.”

Snowflake service users are advised to rely on OAuth token verification or key pair authentication when connecting to the platform from external sources such as the data visualization tools PowerBI, dbt Labs and Tableau.

Details of the attacks first emerged on May 30, after data stolen from Live Nation Entertainment’s Ticketmaster appeared for sale on the criminal marketplace BreachForums (see: Snowflake Clients Targeted With Credential Attacks).

The hacks were blamed on credential stuffing in which attackers reuse username and password pairs stolen or otherwise obtained from other services or data leaks. An analysis of the attack by Google Mandiant attributed the hacks to a financially motivated threat group it tracks as UNC5537.

Snowflake introduced some security features in July to strengthen the use of multifactor authentication, including giving administrators the ability to mandate that all of their Snowflake account users employ strong authentication, and releasing free-to-use tools that allow administrators to track credential theft, overprivileged accounts and “stale users” that no longer require access to the service (see: After Customers Get Breached, Snowflake Refines Security).

Snowflake did not immediately respond to a request for comment. The company on Friday said its recent efforts align with the Cybersecurity and Infrastructure Security Agency’s Secure By Design Pledge, which calls on cloud services, on-premises software and other software manufacturers to design products with greater built-in security.

Source: https://www.bankinfosecurity.com/breach-weary-snowflake-moves-to-mfa-14-character-passwords-a-26297