The Australian Cyber Security Centre (ACSC) is warning of increased cyber threat activity regarding Snowflake customers, saying Australian organisations who utilise Snowflake should reset credentials for active accounts, disable non-active accounts, enable Multi-Factor Authentication (MFA), and review user activity.
Snowflake says it recently observed and is investigating an increase in cyber threat activity targeting some of its customers’ accounts. “We believe this is the result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data,” its June 1, 2024, advisory reads.
“Research indicates that these types of attacks are performed with our customers’ user credentials that were exposed through unrelated cyber threat activity. To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product. Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted.”
Snowflake has published an advisory to assist in identifying instances of unauthorised access. The ACSC is monitoring the situation and says it is able to provide assistance and advice as required.
