Cyber Threats Barometer
Highlight of the month
In June 2024, Snowflake, a leading cloud data management provider, was targeted by a coordinated attack attributed to the cybercriminal group UNC5537. The attackers used stolen login credentials to access Snowflake customer accounts and exfiltrate sensitive data. According to available information, the credentials were obtained either through infostealers running on systems outside Snowflake or from dark web listings stemming from earlier breaches. Once inside the accounts, the attackers exfiltrated data and attempted to extort the affected companies by threatening to publish it. As is common in this type of operation, the stolen data was also offered for sale on cybercriminal forums such as BreachForums.
Security firm Mandiant, working with Snowflake, contacted 165 organizations potentially affected by the attack, including well-known companies such as Ticketmaster, Santander Bank and Mitsubishi. Snowflake is actively working with affected customers to minimize the impact of the incident and maintains that the security of its platform and internal systems remains robust. Mandiant analyzed the methods used in the attack and concluded that the techniques employed by UNC5537 were not particularly sophisticated: the targeted accounts lacked not only multi-factor authentication (MFA) but also network access restrictions, so the attackers could log in from any location. Mandiant expects UNC5537 to keep using this approach against other SaaS services for as long as security measures such as MFA are not systematically enforced. On June 17, it also published a Threat Investigation Guide to help organizations detect anomalous and unauthorized activity in their Snowflake instances.
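As an added illustration (not code from Gatewatcher or from the Mandiant guide), the Python below runs a simple check over constructed login records shaped like Snowflake's LOGIN_HISTORY view and flags the two weaknesses Mandiant identified: successful logins without a second authentication factor, and logins from outside an allowlisted network. The column names, the sample rows and the corporate IP ranges are assumptions made for this example.

```python
from ipaddress import ip_address, ip_network

# Constructed sample rows, shaped after the columns of Snowflake's
# ACCOUNT_USAGE.LOGIN_HISTORY view (column names assumed; values invented).
SAMPLE_LOGINS = [
    {"USER_NAME": "etl_svc", "CLIENT_IP": "10.20.1.5", "IS_SUCCESS": "YES",
     "SECOND_AUTHENTICATION_FACTOR": None, "REPORTED_CLIENT_TYPE": "JDBC_DRIVER"},
    {"USER_NAME": "analyst1", "CLIENT_IP": "10.20.1.9", "IS_SUCCESS": "YES",
     "SECOND_AUTHENTICATION_FACTOR": "DUO_PUSH", "REPORTED_CLIENT_TYPE": "SNOWFLAKE_UI"},
    {"USER_NAME": "etl_svc", "CLIENT_IP": "203.0.113.77", "IS_SUCCESS": "YES",
     "SECOND_AUTHENTICATION_FACTOR": None, "REPORTED_CLIENT_TYPE": "PYTHON_DRIVER"},
    {"USER_NAME": "analyst1", "CLIENT_IP": "198.51.100.4", "IS_SUCCESS": "NO",
     "SECOND_AUTHENTICATION_FACTOR": None, "REPORTED_CLIENT_TYPE": "SNOWFLAKE_UI"},
]

# Hypothetical corporate egress ranges: the same ranges a network policy would allow.
CORPORATE_NETWORKS = [ip_network("10.20.0.0/16")]


def is_allowlisted(ip: str, networks) -> bool:
    """True when the client IP falls inside one of the allowlisted networks."""
    addr = ip_address(ip)
    return any(addr in net for net in networks)


def find_risky_logins(rows, networks):
    """Flag successful logins matching the weaknesses described above:
    no second authentication factor, and/or a client IP outside the allowlist."""
    findings = []
    for row in rows:
        if row["IS_SUCCESS"] != "YES":
            continue  # failed attempts are noise for this particular check
        reasons = []
        if not row.get("SECOND_AUTHENTICATION_FACTOR"):
            reasons.append("no_mfa")
        if not is_allowlisted(row["CLIENT_IP"], networks):
            reasons.append("external_ip")
        if reasons:
            findings.append((row["USER_NAME"], row["CLIENT_IP"], reasons))
    return findings


def users_never_using_mfa(rows):
    """Users with successful logins but never a second factor: enforce MFA here first."""
    ok = [r for r in rows if r["IS_SUCCESS"] == "YES"]
    with_mfa = {r["USER_NAME"] for r in ok if r.get("SECOND_AUTHENTICATION_FACTOR")}
    return sorted({r["USER_NAME"] for r in ok} - with_mfa)


if __name__ == "__main__":
    for user, ip, reasons in find_risky_logins(SAMPLE_LOGINS, CORPORATE_NETWORKS):
        print(f"{user:10} {ip:16} {', '.join(reasons)}")
    print("enforce MFA on:", users_never_using_mfa(SAMPLE_LOGINS))
```

A login carrying both reasons (no second factor, external address) is the pattern to triage first, since it is exactly the position a stolen credential puts an attacker in.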
Chart: Top Common Vulnerabilities & Exposures (%)
Chart: Top Targeted Business Sectors (%)
Definition of the month
Multi-factor authentication (MFA or 2FA) is a security method that requires users to provide at least two distinct proofs of identity before accessing an account or system. These proofs come from different categories: something only the user knows (a password or PIN), something the user possesses (a phone or security token), or a biometric characteristic inherent to the user (fingerprint or facial recognition).
MFA reinforces security by combining several barriers to entry, so that a single stolen credential is no longer enough for an attacker to gain unauthorized access to sensitive systems and data.
Chart: Top Malware Families (%)
Chart: Top Threat Categories (%)
About the Cyber Threat Barometer
Malware, critical vulnerabilities, advanced persistent threats, particularly targeted industries, weak signals of emerging attacks… It’s no secret that knowing one’s adversary is a key factor in the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected by Gatewatcher CTI, our Cyber Threat Intelligence platform.
Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than 4000 data sources across multiple channels: social networks, specialized sites, and the dark and deep web. They make threat information available an average of 24 hours ahead of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident handling times.