Snowflake, a leading cloud storage and analytics platform, has taken decisive action in response to a recent wave of identity attacks targeting its customers. After confirming that threat actor UNC5537 used stolen credentials against several database customers in late May, Snowflake, alongside cybersecurity firms Mandiant and CrowdStrike, conducted an investigation and found no evidence of a breach or exploit on its platform.
UNC5537’s custom attack tool was primarily aimed at customers without multifactor authentication (MFA) enabled, leading Snowflake to urge all users to activate MFA and implement network policy rules to enhance security. Despite these warnings, UNC5537’s campaign resulted in breaches at Ticketmaster, Santander Bank, Neiman Marcus, and AT&T, affecting a total of 165 organizations by June 10.
In response to these security challenges, Snowflake introduced new MFA enforcement features on July 9. These enhancements allow customer administrators to mandate MFA for all user accounts, prompting users to set up MFA and enabling admins to enforce security measures by default. This proactive approach aims to enhance user adherence to MFA policies and prevent future attacks.
While some question Snowflake’s decision not to make MFA mandatory across all accounts, citing companies like AWS and GitHub that have implemented mandatory MFA requirements, experts suggest that Snowflake may have considered factors such as user experience and market competitiveness. Jason Soroko, a product expert at Sectigo, emphasized the importance of balancing security with user preferences to maintain a seamless user experience.
Industry analysts and experts have praised Snowflake’s efforts to enhance security measures through mandatory MFA enforcement. Todd Thiemann, a senior analyst at TechTarget’s Enterprise Strategy Group, commended Snowflake’s initiative as a crucial step towards bolstering security in the cloud. Similarly, Merritt Maxim, a research director at Forrester Research, highlighted the essential role of MFA in mitigating cyber risks, urging organizations to prioritize its implementation.
Amid concerns about the optional nature of MFA enrollment, experts like Dustin Childs from Trend Micro’s Zero Day Initiative emphasize the importance of making MFA mandatory to safeguard against potential security threats. By embracing proactive security measures and prioritizing user authentication, Snowflake aims to protect its customers and prevent future identity-based attacks.
In conclusion, Snowflake’s introduction of mandatory MFA enforcement reflects a proactive approach to cybersecurity in the face of evolving threats. By empowering customers to enhance their security posture and prioritize user authentication, Snowflake sets a precedent for cloud services to put security measures first and safeguard against identity attacks.

