{"id":11469,"date":"2024-06-18T00:12:34","date_gmt":"2024-06-18T00:12:34","guid":{"rendered":"https:\/\/thisbiginfluence.com\/?p=11469"},"modified":"2024-06-18T00:12:34","modified_gmt":"2024-06-18T00:12:34","slug":"hackers-detail-how-they-allegedly-stole-ticketmaster-data-from-snowflake","status":"publish","type":"post","link":"https:\/\/thisbiginfluence.com\/?p=11469","title":{"rendered":"Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p class=\"paywall\">It\u2019s possible the ShinyHunter hackers didn&#8217;t directly hack the EPAM employee, and simply gained access to the Snowflake accounts using usernames and passwords they obtained from old repositories of credentials stolen by information stealers. But, as Reddington points out, that means anyone else can sift through those repositories for these and other credentials stolen from EPAM accounts. Reddington says they found data online that was used by nine different infostealers to harvest data from the machines of EPAM employees. This raises potential concerns about the security of data belonging to other EPAM customers.<\/p>\n<p class=\"paywall\">EPAM has customers across various critical industries, including banks and other financial services, health care, broadcast networks, pharmaceutical, energy and other utilities, insurance, and software and hi-tech\u2014the latter customers include Microsoft, Google, Adobe, and Amazon Web Services. It\u2019s not clear, however, if any of these companies have Snowflake accounts to which EPAM employees have access. 
WIRED also wasn\u2019t able to confirm whether Ticketmaster, Santander, Lending Tree, or Advance AutoParts are EPAM customers.<\/p>\n<p class=\"paywall\">The Snowflake campaign also highlights the growing security risks from third-party companies in general and from infostealers. In its blog post this week, Mandiant suggested that multiple contractors had been breached to gain access to Snowflake accounts, noting that contractors\u2014often referred to as business process outsourcing (BPO) companies\u2014are a potential gold mine for hackers, because compromising the machine of a contractor that has access to the accounts of multiple customers can give them direct access to many customer accounts.<\/p>\n<p class=\"paywall\">\u201cContractors that customers engage to assist with their use of Snowflake may utilize personal and\/or non-monitored laptops that exacerbate this initial entry vector,\u201d wrote Mandiant in its blog post. \u201cThese devices, often used to access the systems of multiple organizations, present a significant risk. If compromised by infostealer malware, a single contractor&#8217;s laptop can facilitate threat actor access across multiple organizations, often with IT and administrator-level privileges.\u201d<\/p>\n<p class=\"paywall\">The company also highlighted the growing risk from infostealers, noting that almost all of the credentials the hackers used in the Snowflake campaign came from repositories of data previously stolen by various infostealer campaigns, some of which dated as far back as 2020. 
\u201cMandiant identified hundreds of customer Snowflake credentials exposed via infostealers since 2020,\u201d the company noted.<\/p>\n<p class=\"paywall\">This, accompanied by the fact that the targeted Snowflake accounts didn\u2019t use MFA to further protect them, made the breaches in this campaign possible, Mandiant notes.<\/p>\n<p class=\"paywall\">Snowflake\u2019s CISO, Brad Jones, <a href=\"https:\/\/medium.com\/snowflake\/detecting-and-preventing-unauthorized-user-access-d67be8bd66f6\">acknowledged last week<\/a> that the lack of multifactor authentication enabled the breaches. In a phone call this week, Jones told WIRED that Snowflake is working on giving its customers the ability to mandate that users of their accounts employ multifactor authentication going forward, \u201cand then we\u2019ll be looking in the future to [make the] default MFA,\u201d he says.<\/p>\n<p class=\"paywall\"><em>Update 6\/17\/2024, 5:45 pm EDT: The article was updated to clarify the details that Santander has publicly revealed about the hack.<\/em><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/www.wired.com\/story\/epam-snowflake-ticketmaster-breach-shinyhunters\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s possible the ShinyHunter hackers didn&#8217;t directly hack the EPAM employee, and simply gained access to the Snowflake accounts using usernames and passwords they obtained from old repositories of credentials stolen by information stealers. 
But, as Reddington points out, that means anyone else can sift through those repositories for these and other credentials [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":11471,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[7939,2282,9413,5048,9415,3456,9414],"class_list":["post-11469","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech","tag-allegedly","tag-data","tag-detail","tag-hackers","tag-snowflake","tag-stole","tag-ticketmaster"],"_links":{"self":[{"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/posts\/11469","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11469"}],"version-history":[{"count":0,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/posts\/11469\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/media\/11471"}],"wp:attachment":[{"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}