Snowflake is making some major MFA changes following recent security incidents
Snowflake improves security, giving administrators the ability to enforce multi-factor authentication (MFA), adding more security customization options, and introducing a new platform for monitoring and enforcing MFA policies.
Admins can decide whether to push MFA to all users, to users using Single Sign-On (SSO), or only to specific, individual accounts. Additionally, users logging into their Snowflake accounts will be prompted to enable the new feature. If they decline, they will be prompted again in three days.
In addition to the MFA prompt, Snowflake is also introducing the Snowflake Trust Center, where admins can monitor MFA policy compliance. Part of that feature is the Trust Center Security Essentials scanner suite, which helps mitigate credential theft issues.
Cybersecurity Breaches
βThis package looks for MFA compliance, as well as the use of network policies,β the company explained in a blog postβAs a recommended compliance monitoring tool, it is enabled by default and available for free in all Snowflake editions.β
In addition to the scanner suite, Snowflake also introduced the Trust Center CIS Benchmark scanner suite, which evaluates the account against the CIS Snowflake Foundations Benchmark. These scanners can detect overprivileged users, accounts that have not logged in for more than three months, and more.
Snowflake has been at the center of much controversy in recent months when it emerged that a threat actor tracked as UNC5537 was using credential stuffing to compromise hundreds of accounts, including those belonging to large corporations. Ticketmaster, Advance Auto Parts, and LendingTree are just a few of the victims.
On the dark web, a hacker with the alias Sp1d3r offered these databases for sale. The archives had a value ranging from $100,000 to $1.5 million.