Canadian Man Arrested in Snowflake Data Extortions – Krebs on Security

So in the end it seems there is no geopolitical motive behind the wave of attacks on Spanish companies and institutions a few weeks ago, despite coinciding with the meeting between Sánchez and Zelensky and the recognition of Palestine as a state. No, Spain does not appear to have been singled out as a target. Apparently it all stems from the compromise of #snowflake (well, actually of a Snowflake third party).

Snowflake is one of those data companies that firms hire to store their customers' data. That seems to be the origin of it all; many companies around the world have had their data compromised, not just the Spanish ones. The party responsible: the US criminal group #UNC5537.

The most galling part is that it all comes down to this third party's non-existent security policy, which did not even enforce 2FA. With just a username and password (leaked in 2020!) they got everything four years later. Unbelievable. I'm stunned.

Mandiant's report:

https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion

#ciberseguridad

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion | Google Cloud Blog

A campaign targeting Snowflake customer database instances with the intent of data theft and extortion.

Google Cloud Blog

Ticketmaster’s Snowflake data breach was just one of 165

Security researchers are reporting a “significant volume of data” has been stolen from hundreds of Snowflake cloud storage customers via compromised login credentials. At least 165 Snowflake customer organizations may have been compromised

#TicketMaster #LiveNation #databreach #Snowflake #UNC5537 #security #cybersecurity #hackers #hacking #hacked

https://www.theverge.com/2024/6/11/24176080/snowflake-cloud-storage-data-breach-ticketmaster-santander

Ticketmaster’s Snowflake data breach was just one of 165

Mandiant security researchers report that a “significant volume of data” has been stolen from up to at least 165 Snowflake cloud storage customers.

The Verge

#UNC5537 breached at least 165 #Snowflake instances.

A week ago, we said #Ticketmaster was one of “several” victims of a hacking spree directed at customers of Snowflake, Inc. (NYSE:SNOW), a cloud analytics firm. But now it appears that number is a lot bigger.

Surely data analytics experts should be able to spot hundreds of customers being breached? And why is a simple username/password pair enough to dump an entire database?

In #SBBlogwatch, we wonder why Snowflake continues to blame the victims, when the firm seems at least partly responsible. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2024/06/snowflake-mandiant-unc5537-ticketmaster-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

Ticketmaster is Tip of Iceberg: 165+ Snowflake Customers Hacked

Not our fault, says CISO: “UNC5537” breached at least 165 Snowflake instances, including Ticketmaster, LendingTree and, allegedly, Advance Auto Parts.

Security Boulevard

Threat group 'systematically compromising Snowflake customer instances'

165 organisations notified to date

https://www.computing.co.uk/news/4320910/threat-group-systematically-compromising-snowflake-customer-instances

#infosec #technews #snowflake #mandiant #UNC5537 #mfa

Threat group 'systematically compromising Snowflake customer instances'

Details disclosed by Mandiant researchers on Monday suggest the attacks targeting Snowflake customers had a wider impact than previously suggested, with a “significant” volume of data stolen and more than 100 customers known to be potentially impacted so far.
