Cloud data provider Snowflake Inc. discovered and is now investigating an increase in cyber threat activity targeting some of its customers’ accounts.

Snowflake officials said this is the result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data. Research indicates these types of attacks are performed with customers’ user credentials that were exposed through unrelated cyber threat activity.

Snowflake is a cloud computing–based data company based in Bozeman, Montana, founded in July 2012 and publicly launched in October 2014. The firm offers cloud-based data storage and analytics services.

To date, the company said it does not believe this activity is from any vulnerability, misconfiguration, or malicious activity within the Snowflake product.

“Throughout the course of the ongoing investigation, we promptly informed the limited number of customers who we believe may have suffered an impact from the incident,” the company said in an advisory.

In an effort to provide guidance, Snowflake listed some prevention suggestions:

Setting up network policies: Set up account-level and user-level network policies for highly credentialed users/service accounts.

Review account parameters: Review account parameters to restrict how data can be exported from your Snowflake account. Users will need to do due diligence on enabling these features and their impacts on existing account integrations.

Review account for configuration drift: Monitor Snowflake accounts for unauthorized privilege escalation or configuration changes.

Review service account authentication: For service accounts (i.e., non-human interactive use cases), use key pair authentication or OAuth for machine-to-machine communication in lieu of static credentials.
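The four suggestions above, sketched as Snowflake SQL. This is an added example, not taken from Snowflake's advisory or from this article. The policy name, user name, and IP ranges are hypothetical, and the public key is a placeholder.

```sql
-- 1. Network policies: account-wide allow list, plus a tighter one for a
--    service account. IP ranges are documentation placeholders (assumed).
CREATE NETWORK POLICY corp_egress_only
  ALLOWED_IP_LIST = ('203.0.113.0/24')
  COMMENT = 'Corporate egress range only';
CREATE NETWORK POLICY svc_etl_only
  ALLOWED_IP_LIST = ('198.51.100.10')
  COMMENT = 'ETL host only';

-- Confirm your own address is inside the allowed list before activating.
ALTER ACCOUNT SET NETWORK_POLICY = corp_egress_only;
ALTER USER svc_etl SET NETWORK_POLICY = svc_etl_only;  -- svc_etl is hypothetical

-- 2. Account parameters that restrict data export. Check existing stages and
--    integrations first; these can break COPY INTO jobs that rely on inline
--    URLs or stages created without a storage integration.
ALTER ACCOUNT SET PREVENT_UNLOAD_TO_INLINE_URL = TRUE;
ALTER ACCOUNT SET REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = TRUE;
ALTER ACCOUNT SET REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = TRUE;

-- 3. Configuration drift: administrative role grants made to users in the
--    last 30 days that are still active (ACCOUNT_USAGE views lag real time).
SELECT created_on, role, grantee_name, granted_by
FROM snowflake.account_usage.grants_to_users
WHERE role IN ('ACCOUNTADMIN', 'SECURITYADMIN')
  AND deleted_on IS NULL
  AND created_on >= DATEADD(day, -30, CURRENT_TIMESTAMP())
ORDER BY created_on DESC;

-- 4. Service account authentication: register a key pair and remove the
--    static password so an exposed password is no longer usable.
ALTER USER svc_etl SET RSA_PUBLIC_KEY = '<BASE64_PUBLIC_KEY_PLACEHOLDER>';
ALTER USER svc_etl UNSET PASSWORD;
```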

ISSSource
