Snowflake attacks - what happened, and 6 mitigations to prevent it happening to you

486 views

Steve Townsley

A day ago

In this video I discuss the recent attacks against Snowflake cloud data instances. These attacks aren't compromising Snowflake directly, but using legitimate credentials. These credentials are then being used against Snowflake customer environments.
In this video I talk about what happened, why this is interesting, and suggest 6 mitigations.
Mandiant blog: cloud.google.com/blog/topics/...
Okta compromise: sec.okta.com/articles/2023/11...
Snowflake advice: community.snowflake.com/s/que...
00:00 Introduction.
01:05 What happened?
01:59 The history.
04:41 Why is this interesting?
08:17 How can we defend against this?
17:25 Outro.
#informationsecurity #cybersecurity #snowflake

Comments: 13
@theGaryRuddell 13 days ago
Great briefing on Snowflake! And thanks for the shoutout!
@Steve_Townsley 13 days ago
Any time!
@EimhinONeill 8 days ago
Love this Steve. So much noise and rumour in the media about the breach but to finally get some clarity is fantastic!
@Steve_Townsley 8 days ago
Thanks for that lovely feedback! Yes, it's got quite noisy about what happened in these attacks. Glad you found the video useful 🙂
@alexwloch1088 13 days ago
Fantastic video sir as always. Bring on the next episode.
@Steve_Townsley 13 days ago
Thanks very much good sir!
@stephenrandles9248 13 days ago
Thanks for the video Steve, I really liked your approach to cloud security with multiple layers of defence and awareness of services being key. Snowflake does bring into focus the weakness of service accounts and capabilities to use info stealers. 🔐
@Steve_Townsley 13 days ago
Thanks! I'm glad you enjoyed the video. Definitely underscores the benefits of defence in depth 🙂
@UBA_NOOB 13 days ago
Another great video Steve. What I found really interesting was your advice on password hygiene reversing the current NCSC guidance regarding password refresh. Do you think infostealers will make the likes of NCSC update their advice?
@Steve_Townsley 13 days ago
Thanks! I think the National Cyber Security Centre advice on passwords is already excellent. But, if infostealers increase in popularity and we’re not rotating passwords then we’re going to have a problem. I definitely think that passwordless can help here, and I’m not sure what advice exists for high privilege service accounts. Those feel like credentials that should be rotated. Ultimately we need to also think about how we protect passwords.
@tomtech1537 10 days ago
Similar to my other point but you raise it more specifically. Entra Conditional Access Policies won't prevent token teleportation; initial authorization will check the policy but once a user has that token it can be [stolen and] used everywhere without issue, unless continuous evaluation is enabled.
@Steve_Townsley 10 days ago
That's a good point and one which I think is often overlooked. All the CAP checks (apart from CAE, as you say) are at the point of authorisation!