Snowflake Users Warned by ACSC
In a recent advisory issued on June 1, 2024, Snowflake, the popular cloud data platform, has warned Australian organisations using their services about an increase in cyber threat activity. The warning came following reports of targeted attacks on Snowflake customers in Australia, primarily businesses and government entities.
The Australian Cyber Security Centre (ACSC) has also weighed in, urging organisations to take immediate action. The ACSC has identified that the affected Snowflake customers are those using the cloud data platform, and the cyber threat activity appears to be part of ongoing, industry-wide, identity-based attacks.
Snowflake has been investigating this increase in activity and has found that the current threat is using user credentials exposed through unrelated cyber threat activity. The intent of these attacks is to obtain customer data from Snowflake accounts.
To mitigate the risk, Snowflake has provided a series of recommendations. Firstly, Snowflake users are advised to enable Multi-Factor Authentication (MFA) for added security. Secondly, non-active Microsoft accounts should be disabled. Thirdly, users are encouraged to reset their credentials for active Microsoft accounts. The advisory also includes steps to help identify instances of unauthorised access.
Snowflake has informed a limited number of customers who may have been impacted by the cyber threat activity. The ACSC is also monitoring the situation and is available to provide assistance and advice as required.
It's important to note that Snowflake's investigation has found no evidence of any vulnerability, misconfiguration, or malicious activity within the Snowflake product in relation to these attacks. This suggests that the threat is primarily focused on obtaining user credentials through unrelated means.
In light of this warning, Snowflake users in Australia are encouraged to review their security measures and follow the recommendations provided in the advisory to ensure the protection of their data.
Read also:
- Trump and Xi speak over the phone, according to China's confirmation.
- Strategies for Adhering to KYC/AML Regulations in India, a Leading Fintech Center (2024)
- Strategies for Poland, Ukraine, and NATO to combat unmanned Russian aerial threats.
- Boost Your Generative Asset Safeguards: Qualys Improves TruRisk System with TotalAI for LLM Protection
