Catch Of The Week: Snowflake Data Breach

By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post

Everyone knows having a super strong and unique password is the best way to protect your online accounts, right? Righttt?

Maybe once upon a time, but in today’s world the best way to protect your accounts is by using MFA (multi-factor authentication) to protect your accounts.

This was recently demonstrated, very painfully, by the Snowflake data breach.

What is Snowflake? Snowflake is an American company offering cloud-based data storage and analytics service, generally termed “data-as-a-service”. This allows corporate users to store and analyze data using cloud-based hardware and software. According to Wikipedia, Snowflake services main features are separation of storage and compute, on-the-fly scalable compute, data sharing, data cloning, and third-party tools support in order to scale with its enterprise customers.

A lot of sensitive data was kept in Snowflake’s storage services by a lot of big corporations including Ticketmaster, Santander Bank, Advanced Auto Parts, and many others. This sensitive information included large data sets of sensitive customer information, like login credentials.

Despite the very sensitive nature of much of this data, Snowflake lets each customer manage the security of their environments and does not automatically enroll or require its customers to use multi-factor authentication, or MFA. As consumers, you should be aware that you are likely going to be receiving some data breach notifications soon.

Courtesy photo

So how did this huge breach happen? According to the Mandiant report, there is no evidence that Snowflake’s enterprise environment has been breached; rather the compromises can all be traced back to compromised customer credentials. Accounts were compromised via infostealer malware, which was installed on user accounts, and then used to steal credentials.

What is infostealer malware? An infostealer is a type of malware that steals sensitive information from a victim’s computer or network without their knowledge. The stolen information can include login creds, financial information, and other sensitive information.

The group responsible for this data theft is known as UNC5537, a financially motivated threat actor suspected to have stolen a significant volume of records from Snowflake customer environments. UNC5537 has been systematically compromising Snowflake customer instances using stolen customer credentials, then advertising victim data for sale on cybercrime forums, and attempting to extort many of the victims.

While Snowflake may bear some responsibility for the breaches, the bulk of it rests on their customers for not having the foresight to set up MFA for all of their users.

Again, what is MFA? Multi-factor authentication (MFA) is a security feature that requires users to provide more than just a password to log in to their account.

MFA uses multiple factors to verify a user’s identity, such as something they know, have, or are:

  • Something they know: A password, PIN, or security question
  • Something they have: A token, smart card, or other hardware device that stores personal information
  • Something they are: A biometric, such as a fingerprint, facial features, or retina scan

As a user, you should absolutely set up MFA whenever you can to protect your accounts.

Usually this can be done either via SMS (text messages you a code), Authenticator app (app on your phone that will generate a code for your individual accounts as needed) or a physical key (such as a Yubikey) that you will need to authenticate to login to your accounts.

Had these customers had MFA on their accounts, the cyber-criminals would not have been able to login and harvest their data. And MFA on individual user accounts would also have protected customer data. If you aren’t putting MFA on all of your accounts that offer it, you are probably going to have a bad time.

Cyber awareness meme image

One thing you can do right now to make yourself more cyber secure is to set up MFA on all of your accounts that offer it. It is generally painless, and it will provide you with multiple layers of protection against any compromises. Stay safe online and set up MFA today!

Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.

Search
LOS ALAMOS

ladailypost.com website support locally by OviNuppi Systems