“This information was obtained primarily from multiple infostealer malware campaigns that infected non-Snowflake systems. This allowed the threat actor to access affected customer accounts and led to the export of a significant amount of customer data to their Snowflake customer accounts.” “The threat actor has started defrauding many victims directly and is trying to sell stolen customer information on a reputable cybercrime forum,” Mandiant said.
Most of the stolen information, it added, comes from infostealer infections that in some cases started back in 2020.
Cybersecurity experts have been talking about Snowflake attacks for a long time. In September, after more attacks, Brian Soby, CTO of AppOmni, said, “What we saw in the Snowflake ecosystem is definitely not different from that solution. This situation can easily play out in any large SaaS application, since the main risks are the same; they focus on the lack of visibility which makes sense in the security configuration of the applications and the lack of effective monitoring capability.”