OK, I had to start this with a very interesting title. But this is definitely going to get interesting, as more companies will come out with this.
Need to see what this past SANS NewsBites says, and I’ll do that soon. One of the things that I want to tackle is this two-factor myth.
According to the article, customers are pushing back when it comes to two-factor or multi-factor authentication.
We already know for a fact that the actors have been able to access the infrastructure of Snowflake through the fact that there was no multi-factor of any kind.
All they had to do was start with the demo account, then they could try others.
I think we really need to give Snowflake our complete “Stupid Fuck” award of the podcast.
Pure Storage, known for its proprietary DirectFlash technology, has sought to downplay what happened, describing how a third party had gained temporary access to a single data analytics workspace containing telemetry used for customer support.
That’s information about who Pure Storage is, and it’s good to know this, as people don’t know who they are.
The article further down says:
The Snowflake incident has already been connected to data breaches at Spanish bank Santander and ticketing giant Ticketmaster, plus a long list of other well-known companies originally named in a May report by cyber-intelligence company Hudson Rock (since removed after legal pressure from Snowflake).
Why Snowflake forced the cybersecurity company to remove the report downplays this. The industry must know who was affected so that customers of these companies are properly informed and/or the customers of Snowflake can take proper measures. This is because this stupid fucking company thinks it’s only one account, and has no fucking idea about what is really going on.
I don’t know what is on my customers’ accounts, but I at least try to figure out the problem if it is something that I can learn about. Then I’ll know and can educate people.
The article continues:
On 10 June, reports by Google’s Mandiant and CrowdStrike linked the attacks to a threat actor identified as UNC5537 which they said was compromising Snowflake accounts using customer credentials acquired from cybercrime forums.
In other words, the group gained access using compromised credentials rather than a weakness in the Snowflake platform itself. Data theft was being used to extort Snowflake customers, of which 165 had been notified of possible exposure, Mandiant said.
Single factor’s last stand?
According to Mandiant, most of the credentials used to break into accounts were acquired by Infostealers, a long-established type of malware which infects computers to silently steal data including passwords.
We know the potential that it could be going back 4 years is present. But like with my control panel, we are now forcing people to change passwords every 180 days which I think is not necessary, but now I can see why this is done. If you’re using webmail, you’re also forced to change your password every 180 days. At least that’s how I understand it, anyhow.
The article says:
Given that MFA is now widely seen as a necessary protection for any privileged account, what’s less clear is why so many customers aren’t using it.
I’ll tell you why it is a problem. Nobody wants to take the time to use something else to log in. While I hate it too, it is protecting me.
Someone tried to gain access to something, and I got a two-factor code by SMS. Since I didn’t get any calls, nor was I emailed about it, it protected me. And even if I got a call, I bet it was going to be from someone I had no idea who they were, and I still wouldn’t give them my code.
If they said they worked for the company, I’d tell them that they didn’t need my code and to use their web control panel to access my account.
The article about two-factor says:
“Unfortunately, IT departments receive pushback from users when it comes to using two-factor authentication. Users do not like using MFA, as it adds another step to the authorization process,” said Chris Hauk of privacy organization Pixel Privacy.
If you don’t require it, then of course you’ll get pushback when you want to implement it, you stupid fucks.
The article continues:
“This is despite MFA adding a minuscule bit of extra time to the login process. Management needs to back IT in cases like this. More authentication steps generally mean less breaches like this. Sadly, users do not enjoy change and will always pushback.”
MFA improves security but it also increases complexity because users have to be enrolled and managed, and the technology is never cheap to implement.
In regards to shadow IT, the paragraph says:
Compounding this was the issue of shadow IT. Developers sign up for cloud accounts without telling the IT team which means that MFA policies, if they exist, are never applied.
Why would they implement something they can’t monitor and utilize at the push of a button?
Finally,
Service providers could solve this by mandating MFA but are reluctant to because they too think they’ll get pushback from customers.
If Snowflake tells us anything it’s that the gradualist approach to MFA security is obsolete. MFA is not a panacea but its universal application on cloud services would surely reduce the likelihood of mass data breaches by careless account holders.
I’d say, if you don’t want to implement multi-factor, then you don’t need to be here. It’s not my responsibility if you get owned, and you bake that in to your terms of service.
“Pure Storage says it was breached as Snowflake victim count continues to grow” is the title of this article, should you wish to read the entire thing.
Wow. This is only going to get worse, unless Snowflake and other service providers like them do the right thing.