“165 Snowflake customers hacked via poorly secured accounts”

Around 165 Snowflake customers have already fallen victim to hackers. They found their way there because of the customers’ own lack of security in their Snowflake accounts.

The security company Mandiant, together with the data cloud specialist Snowflake, has already contacted 165 organizations that have fallen victim to hackers. Criminals have stolen customer data from their Snowflake accounts and are now trying to make money by blackmailing the targets or reselling this data.

The customers were targeted by attackers from a group that goes by the name UNC5537. It is currently targeting Snowflake customers, but is not exploiting any bugs or vulnerabilities in Snowflake itself. Snowflake accounts are a good target because Snowflake is intended to serve as a central location for all users’ corporate data.

Login details stolen

Mandiant points out that in all cases uncovered, the root cause of the breach lies with the customer themselves. Specifically, UNC5537’s hackers broke in using stolen credentials for accounts without MFA protection. They obtained these credentials partly through infostealer malware, but often simply because the credentials were available on the dark web, having previously been stolen by other gangs.

Mandiant points out that the oldest stolen username and password combination dates back to November 2020. The data that UNC5537 misuses is fundamentally not new and has been circulating in criminal circles for some time. Victims have not changed the login credentials for their Snowflake accounts since the original password theft, although there is a good chance that they were unaware of any damage during that time.

Enter through the front door

The UNC5537 attack is therefore not very sophisticated. The criminals simply log in using an account with available credentials and sufficient privileges and then get to work using various tools. They examine what data they have access to and then steal it.

Mandiant points out that the affected accounts not only lacked MFA, but also did not use network allow lists. Such a list restricts access to an account to known locations (e.g. the corporate network).

Essentially, the affected Snowflake customers lost their keys at some point in the last four years, did not replace the lock or install an additional lock, and thieves have now used the key to break in through the front door.
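The three conditions described above (no MFA, no network allow list, credentials unchanged for years) can be checked against an exported user list. The following is an added example, not code from Mandiant, Snowflake or the original article; the record fields, sample users and the 365-day password age threshold are assumptions made for illustration.

```python
import ipaddress
from datetime import date

# Constructed sample export of account users. Field names are hypothetical.
USERS = [
    {"name": "etl_svc", "mfa": False, "allow_list": [],
     "password_set": date(2020, 11, 3)},
    {"name": "analyst1", "mfa": True, "allow_list": ["0.0.0.0/0"],
     "password_set": date(2023, 9, 14)},
    {"name": "bi_reader", "mfa": False, "allow_list": ["203.0.113.0/24"],
     "password_set": date(2024, 2, 1)},
    {"name": "old_admin", "mfa": True, "allow_list": ["198.51.100.0/24"],
     "password_set": date(2021, 5, 20)},
    {"name": "dba", "mfa": True, "allow_list": ["198.51.100.7/32"],
     "password_set": date(2024, 1, 15)},
]
MAX_PASSWORD_AGE_DAYS = 365  # assumed rotation policy, not from the article


def restricts_network(allow_list):
    """True only if the list exists and no entry matches every address."""
    nets = [ipaddress.ip_network(c, strict=False) for c in allow_list]
    return bool(nets) and all(n.prefixlen > 0 for n in nets)


def audit_user(user, today):
    """List the weaknesses from the article that apply to one user record."""
    findings = []
    if not user["mfa"]:
        findings.append("no_mfa")
    if not restricts_network(user["allow_list"]):
        findings.append("no_network_allow_list")
    if (today - user["password_set"]).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("stale_password")
    return findings


def audit(users, today):
    """Return flagged users, password-only-from-anywhere accounts first."""
    report = []
    for user in users:
        findings = audit_user(user, today)
        if findings:
            critical = {"no_mfa", "no_network_allow_list"} <= set(findings)
            report.append((user["name"], findings, critical))
    return sorted(report, key=lambda r: (not r[2], r[0]))


if __name__ == "__main__":
    for name, findings, critical in audit(USERS, date(2024, 6, 10)):
        print(f"{'CRITICAL' if critical else 'warn':8} {name}: {', '.join(findings)}")
```

An allow list containing `0.0.0.0/0` is treated as no allow list, since it matches every source address.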

No platform error

Snowflake’s customer service is working with affected customers to limit the impact of the attack. Snowflake itself insists that there is nothing wrong with the security of the Snowflake platform or its own systems. The fact that at least one demo account without MFA belonging to Snowflake itself was hacked does not change this, according to the company. After all, this demo account is nothing other than what the name suggests and had no access to production systems.

Mandiant points out that in some cases UNC5537 was able to access data from client partners who managed multiple systems, which of course only amplifies the impact. It is unlikely that the approximately 165 clients now identified as victims comprise the total number of victims targeted by UNC5537.

Lucrative attack model

Mandiant further concludes that UNC5537 is likely to continue its strategy and will not necessarily continue to focus on Snowflake. After all, attacking SaaS services via stolen credentials is not that difficult as long as users do not enable MFA. According to Mandiant, the UNC5537 group itself consists of members in North America and at least one hacker in Turkey.

Snowflake does not (currently) require customers to enable MFA. The company recommends that users do so. Following the attack, the company is also evaluating whether it can require its customers to implement enhanced security mechanisms in the future. Several SaaS providers and cloud specialists already do this.

Source: IT Daily
