At least 165 organizations have been affected by a recent series of hacking attacks against users of cloud company Snowflake, security firm Mandiant says. The company is working with Snowflake to investigate the attacks. There is no evidence that the hackers compromised Snowflake's systems; the attackers reportedly gained access through captured login information that is in some cases years old.

Companies affected by the attacks include Ticketmaster and Advance Auto Parts. At Ticketmaster, criminals stole the data of 560 million users. At Advance Auto Parts, they captured 3 TB of customer, inventory, and sales data, among other things. Bank Santander also reported a leak. However, Mandiant did not disclose whether this was part of the same series of attacks.

Mandiant has identified the hacker group as UNC5537. The Google-owned company has been working on the case since April. The cybersecurity company discovered stolen data from a Snowflake environment belonging to an unknown organization, the company reported in a blog post. More Snowflake customers appeared to be affected in May. Mandiant then notified Snowflake, and the companies began an investigation together. On May 30, they made their preliminary findings public.

No danger on Snowflake's end

So far, there don't seem to be any leaks at Snowflake itself, which the company had already made clear in its communication. Stolen credentials likely originated from phishing campaigns a few years ago, in which criminals used malware to steal data such as login credentials, personally identifiable information, and other confidential information.

Figure: Snowflake attack path (Source: Mandiant)

This data is quite old in some cases, with stolen data going back at least to 2020. The data is still usable because its owners didn’t bother to renew or rotate credentials in the interim. It’s also worth noting that the affected users failed to use multi-factor authentication and weren’t using network allow lists, where users can typically only log in from a trusted location.

At least 79.7 percent of account credentials have been exposed in previously captured data lists. On Friday, Snowflake reported that it was rolling out a plan to get more users to use multi-factor authentication. The company is also offering additional guidance to protect against hacking attempts. In addition, it is insisting on a system of ‘least privilege’, in which organizations take a hard look at who should have access to sensitive data first.
