Snowflake Data Breaches Makes The News This Week

Posted in Commentary with tags on June 1, 2024 by itnerd

Threat group ShinyHunters, who recently claimed responsibility for Santander and Ticketmaster breaches, claimed they stole data from cloud storage company Snowflake after hacking into an employee’s account. They have also claimed to gain access to data from other high-profile Snowflake customers. I wrote about Ticketmaster here, and Santander here if you want to get up to speed on those.

I gathered up some commentary from industry leaders on this week’s events:

Glenn Chisholm, Co-founder and Chief Product Officer, Obsidian Security

“This year, we have seen a sequence of breaches that have affected major SaaS vendors, such as Microsoft, Okta, and now Snowflake. The commonality across these breaches is identity; the attackers are not breaking in, they are logging in. In IR engagements we have seen through partners like CrowdStrike, we see SaaS breaches often starting with identity compromises–in fact 82% of SaaS breaches stem from identity compromises such as spear phishing, token theft and reuse, helpdesk social engineering, etc. This includes user identities as well as non-human (application) identities.

SaaS is now a very active space where attacks are occurring across the spectrum, from targeted APTs to financially motivated attackers, and every company needs to carefully review its SaaS security program. Ensure the correct application posture to minimize risk, protect their identities which form the perimeter of your SaaS applications, and secure their data movement. These must be a continuous program since your applications evolve, configurations change, identities get introduced, and attackers change their patterns. In other words, you need automation to scale this across all your SaaS applications.”

Will Lin, co-Founder and CEO, AKA Identity and Author, The VC Field Guide and former Venture Partner, ForgePoint Capital

“This breach is so complicated and simple at the same time. Simple that the attack vector was stolen privileged credentials. ‘Bad actors don’t hack in, they log in.’ Complicated because it involves multiple parties who can only do so much to prevent this from happening. The predicament that the world has today is that credentials have been the number one cause of data breaches since the DBIR started tracking them. The modern world has been set up to fail without good data and visibility into their most important trust boundary: identities and access management.”

Avishai Avivi, CISO, SafeBreach

“The latest Snowflake breach surfaces multiple troubling aspects about the potential impact of shifting to massive data lakes hosted on a cloud provider. Combine this with compromised credentials and a session cookie hijack, and you have the perfect storm. It’s important to understand that we are still in the early stages of identifying the specifics of this incident. Hudson Rock’s insightful blog post provides some understanding. The attacker seems to have gained initial access through a combination of stolen credentials from a sales engineer and session hijacking.

At this point, we have to shift to some educated hypothesis and conjecture. The malicious actor then used a single set of credentials with access to a single backend cloud-based platform, ServiceNow, that Snowflake uses to effect a breach on dozens, potentially hundreds, of Snowflake’s customers.

The ability to leverage this single entry vector to access the data of multiple customers indicated:

  • Initial infection by a known malware – It appears that credentials were compromised by the Lumma malware back in October 2023. Indicating the EDR control failed to detect it.
  • Multifactor Authentication (MFA) was not deployed uniformly – MFA makes the ability to use stolen credentials in this way very difficult.
  • Continuous vs. Just-In-Time (JIT) privileged access – It seems like, at best, the authorized session the malicious actor was able to take advantage of was not following best practices and did not force refreshed authentication.
  • A deficient segregation of duties – a single sales engineer should not be able to access dozens of customers’ data.
  • The malicious actor was able to exfiltrate customer data – The fact that massive amounts of customer data were exfiltrated indicates lax egress traffic monitoring and control.

Aside from the actual breach, the alarming aspect is that Snowflake appears to have a very robust security program. They claim to have all the proper security certifications their customers may require. This breach reinforces the point that implementing the right technology controls is just the first step; the only way to know the efficacy of those technologies is to continuously test them using a comprehensive security control validation program. Traditional penetration testing programs are not sufficient either. Organizations must test the ability of a malicious actor to move laterally throughout its environment and then leave with the data they were able to access.”

Leave a comment »

Rogers Starts Expanding 5G Network To The Rest Of Toronto’s Subway System

Posted in Commentary with tags on May 31, 2024 by itnerd

You might recall that Canadian telco Rogers bought the company that put cellular infrastructure in Toronto’s subway system. But at the same time, they all but shut out competitors like TELUS and Bell. That is until the federal government forced Rogers to open things up after a significant uptick in violence on the subway system. As part of that, Rogers had to agree to expand the network with milestones in 2025 and the second in 2026 that they had to hit. Fast forward to today. I got this in my inbox saying that they were starting the process of hitting those milestones:

The expansion work began this week in the tunnels between Kennedy and Warden stations on Line 2. Together with the TTC, Rogers is expanding the network in phases to connect the remaining 36 kilometres of unconnected tunnels. Work is being done during overnight and weekend construction windows to minimize disruption for riders.

When complete, the modernized and expanded 5G network will deliver seamless wireless coverage with mobile voice and data services in all 75 stations and tunnels across Toronto’s subway system, part of Rogers commitment to expand connectivity for Torontonians.

You know what? It’s amazing what a corporation like Rogers will do if the right levers are pulled. As in the feds forcing them to do this. I say that because I am certain that Rogers would not have done this on their own as they’ve never been and never will be that sort of company. Nor would they have opened up this network to non-Rogers customers if they were not forced to do so by the feds. So if you’re in Toronto and you suddenly get cell service in the subway system where you never had it before in the weeks and months ahead, you can thank Rogers for putting in the work to make that happen. But you should also thank the feds for forcing Rogers do the right thing as well.

Leave a comment »

AHEAD & Wiz Announce Partnership 

Posted in Commentary with tags , on May 30, 2024 by itnerd

AHEAD, a leading provider of enterprise cloud, data, and platform solutions, has announced a partnership with Wiz, an AI and cloud security company and Cloud Native Application Protection Platform (CNAPP) provider. Together, they are offering a comprehensive and integrated approach to securing cloud environments, empowering enterprises to confidently harness the potential of AI and cloud.

In today’s rapidly evolving enterprise cloud landscape, organizations face significant challenges in maintaining a robust security posture across their cloud environments. The complexity of cloud architectures, the pace of change in cloud services, and the growing sophistication of cyber threats make it increasingly difficult for organizations to effectively secure their cloud assets.

AHEAD’s Cloud Security Accelerator, powered by Wiz, addresses these challenges by providing a comprehensive and integrated approach to securing cloud environments. The solution offers precise identification of security posture deviations, robust mitigation of vulnerabilities, comprehensive auditing of development and deployment landscapes, and streamlined processes.

AHEAD’s Cloud Security Accelerator allows organizations to take control of their cloud security posture, mitigate risks, and achieve compliance, ultimately enabling them to confidently leverage the power of cloud computing while maintaining a secure and resilient IT environment.

Leave a comment »

TELUS Expands Mobility For Good Program

Posted in Commentary with tags on May 30, 2024 by itnerd

Nine in 10 Canadians who have children 18 and under have reported that their costs of living have significantly increased over the past year, with 61 per cent of families having to adjust their day-to-day expenses (source: Abacus Data). 

To help families stay connected to each other and to services and information that matter most, today, TELUS is launching its Mobility for Good for Low Income Families program, expanding its program to support families across the country receiving the maximum Canada Child Benefit. The program enables families to receive discounted access to TELUS’ Mobility for Good plans, bringing them critical access to connectivity.

Mobility for Good as a whole is already open to 500,000 Canadians, including youth aging out of foster care, low-income seniors, Indigenous women at risk of violence, government-assisted refugees and other marginalized individuals. With today’s expansion, 800,000 families eligible to receive the maximum Canada Child Benefit from the federal government are now able to benefit from TELUS’ Mobility for Good program and can immediately apply through the TELUS’ website

With 97 per cent of Mobility for Good participants reporting the program makes it easier to stay connected to friends, family and support workers and 86 per cent reporting the program helped them find resources in a crisis, this offering couldn’t be more important than it is now.

Leave a comment »

Canadian Business Optimism Wanes Amid Economic Challenges: Zoho

Posted in Commentary with tags on May 30, 2024 by itnerd

The newly released Zoho Canada Business Outlook Report by Zoho Corporation, a leading global technology company, indicates a decline in business optimism among Canadian business leaders due to ongoing economic challenges. The report shows that 61.2% of respondents remain optimistic about the remainder of 2024, compared to 74.1% in the previous Q4 2023 report. Additionally, 32.9% cite the economy as their biggest challenge, and 51.9% indicate a decline in customer spending.

The survey, conducted in April 2024, included 1,000 Canadian business leaders (C-level to manager) and explored business performance, staffing trends, economic impacts, and technology usage. The report also highlights mixed priorities regarding Artificial Intelligence (AI), with 45.4% of respondents not considering it the most critical technology for their business, and moderate concerns about AI replacing existing roles (34.6%).

Key Survey Findings:

  • Respondents continue to be somewhat optimistic about their business with 63.1% of respondents anticipating growth of 1-20% (74.1% in Q4, 2023)
  • Staffing is holding steady with 57.2% of businesses planning to maintain current workforce levels (64% in Q4, 2023)
  • The integration of AI is a mixed priority with 45.4% of people not seeing it as the most critical technology.
  • 51.9% of respondents feel that customer spending is down
  • 24% of businesses indicate that cybersecurity is a technology priority, closely followed by collaboration tools (21.1%) and CRM (20.9%)
  • The availability of employee well-being programs skews towards the negative with 52.1%  of respondents indicating that none exist at their workplaces.

Employee Wellness

Employee wellness initiatives are critical for fostering a resilient and productive workforce, but there’s room for improvement – less than half of respondents indicated that wellness programs exist.

Employee wellness initiatives are split, with:

  • 52.1% of businesses lacking initiatives and 47.9% having some in place
  • Work-life balance is encouraged through flexible work hours (36.3%), remote work options (25.9%), regular breaks (22.4%), and paid time off for mental health days (15.4%).
  • 37.8% have observed a noticeable increase, reflecting a positive shift towards better mental health support

Business Outlook

  • 61.2% of businesses are optimistic
  • 28.6% are neutral
  • 10.2% are pessimistic 

Economic Impact and Customer Spending

Looking ahead, small businesses feel that the economy and a decline in customer spending are most likely to affect their business performance:

  • 32.9% of businesses cite the economy as their biggest challenge
  • 19.7% cite cash flow issues 
  • 14.0% cite funding/capital concerns 
  • Customer spending behavior has been negatively affected, with 51.9% observing a decrease in spending and only 22.3% seeing an increase
  • Ontario respondents indicate a slightly higher decrease of 53.5%, while Quebecers are less at 41.2%

Staffing

Staffing levels remain stable, with businesses planning to maintain their current workforce. However, there are concerns about AI’s impact on employment, with moderate worries about job replacement.

  • 57.2% of businesses plan to maintain their current workforce levels
  • 34.5% intend to hire more staff
  • 8.3% are planning layoffs
  • Concerns about AI replacing existing roles are moderate, with 22.7% somewhat concerned, 22.5% not very concerned, and 18.3% not concerned at all. 14.5% are very concerned.

Technological Integration and AI

While AI is recognized as important by some, many respondents do not consider it the most critical technology for their business. Among the primary factors driving AI adoption are increasing productivity, competitiveness, and reducing headcount/employee costs.

  • 45.4% do not consider AI as the most critical technology for their business, whereas 36.4% recognize its importance
  • The primary driving factors for AI adoption include increasing productivity (49.2%), increasing competitiveness (16.1%), and lowering headcount/employee costs (10.4%)
  • Technological priorities: 24.0% cybersecurity; 21.1% collaboration tools; 20.9% CRM

Report Methodology

Conducted in April, 2024, using Zoho Survey and Zoho Analytics, this study contacted 1,000 individuals across Canada. Participants in the study included a range of business leaders, from the C-level and owner/operators to managers, at small and large enterprises across a variety of industries.

Report Dashboard

Click here for the report dashboard.

Leave a comment »

Coach Atlantic Leverages Cradlepoint to Improve Customer Experience 

Posted in Commentary with tags on May 30, 2024 by itnerd

 Cradlepoint, part of Ericsson, the global leader in cloud-delivered LTE and 5G wireless network and security solutions, today announced that Coach Atlantic Maritime Bus, the largest motorcoach transportation provider in Atlantic Canada, has selected Cradlepoint as its technology provider to deliver internet connectivity onboard its fleet of 250+ vehicles across Prince Edward Island, Nova Scotia and New Brunswick.

Coach Atlantic serves a variety of customers including tours and school sports teams, and has been delivering Wi-Fi to its passengers for over 10 years in line with the company’s dedication to offering great service and amenities. However, over time the company found it was running into issues with the connectivity solution it was using. Uptime was becoming problematic, and maintenance and troubleshooting became more difficult and time consuming — causing frustration for drivers and the IT department, while also costing more money. 

The company made the decision to look at a different solution, and after reviewing several options selected Cradlepoint’s IBR1700 dual modem ruggedized router to roll-out across its fleet, including NetCloud Service for management, service updates and more. The solution delivers access to passengers and drivers on one network.

Providing full-featured routing, security and Wi-Fi, the IBR1700 is a Gigabit-Class LTE networking offering that extends connectivity across a wide range of in-vehicle solutions used by fleets including mass transit, commercial trucks, first responders and near-shore vessels. NetCloud is included with the IBR1700 as an all-in-one subscription, providing a complete cloud management platform with specialized features for connecting, tracking, managing and troubleshooting in-vehicle networks. NetCloud allows Coach Atlantic to manage devices, set limits on data consumption, create web browsing content filters, and manage performance in real-time.

Better connectivity is on the minds of many Canadian business leaders over the next year, according to the recent State of Connectivity report, which found 25 per cent of Canadian business leaders expect improving their organization’s connectivity will grow their organization’s revenue by 10 to 14 per cent. 

Learn more about how Cradlepoint is working with Coach Atlantic in this case study

Leave a comment »

Exclusive Insights from Fortra’s 2024 Penetration Testing Report

Posted in Commentary with tags on May 30, 2024 by itnerd

Fortra recently published its 2024 Penetration Testing Report, which delivers crucial insights into how organizations are employing proactive security measures to fortify their defenses before threats materialize.

This comprehensive report, now in its fifth year, not only tracks trends and challenges but also provides an ongoing evaluation of penetration testing practices. In the interest of getting some more insight on this report, I had a quick Q&A with Chris Reffkin, Chief Security & Risk Officer at Fortra who provided these comments:

62% of respondents said lack of resources to act on findings/perform remediation was a challenge. What advice do you have for organizations with this issue?

Leaders need to understand the “so what” and “what’s the risk” relative to the findings of any security assessment. Not all findings are created equal, including all critical or high issues. Leaders need to translate those key findings into business mission and objective terminology. This will help articulate the risks to business leaders, so they understand the impact of not addressing such findings.

66% of respondents said lack of patching was a big security risk for them. Why does this issue continue to exist and how can pen testing help mitigate this risk?

The challenge of foundational security is not to be underestimated. A robust patch management program with operational considerations is a complex task. With thousands of assets, virtual or physical, and applications, organizations need to orchestrate business processes and other external dependencies to be patched at least monthly. Pen testing can be a valuable tool in this process, helping to concentrate limited resources on making iterative improvements and demonstrating the impact of potential gaps in patch management processes. By tying pen testing results to business objectives and specific control elements like patch management, organizations can drive significant improvements.

How can pen testing, red teaming and security awareness training help prevent phishing threats?

No control or process can prevent phishing threats, although there are several that can help you prepare. Security awareness training will help with high-level employee performance monitoring relative to phishing awareness. Pen testing will assist with broad control analysis of potential vulnerabilities or weak points throughout the environment. Red teaming will help answer the question of what happens after someone clicks the phishing link – a real work simulation of a sophisticated and targeted attack.

What are the cost-effective ways to approach pen testing?

Pen testing cost management comes down to scope and clear expectations on the use of results. One way to manage cost is to set a schedule of testing based on your organization’s risk assessment and cycle through different environments or specific systems based on risk to the organization. To effectively manage costs and achieve manageable results for remediation purposes, it’s more effective to cycle through a focused scope rather than hoping to cover everything with one substantial assessment once a year.

You can have a look at the report here.

Leave a comment »

Oh My! TicketMaster Has Apparently Been Pwned Big Time

Posted in Commentary with tags on May 30, 2024 by itnerd

Recently, threat actors who go by the name of ShinyHunters claimed to have pwned TicketMaster breached and claimed to have compromised 560 million users which is part of a 1.3 TB database. ShinyHunters have claimed to have exfiltrated full names, phone numbers, home addresses, email addresses, payment card info, ticket sales and event information, and order information. The stolen data is being sold on BreachForms for $500,000.

While the threat group has contacted Ticketmaster, they have not yet acknowledged the incident publicly. Ticketmaster has faced cyber incidents in the past, including a bot attack against the ticketing system, disrupting Taylor Swift concert ticket sales. Which makes their problems with the US Justice Department seem trivial in comparison.

Darren Williams, CEO and Founder, BlackFog:

“The breach of TicketMaster shows us how large-scale these operations can be. Now that the data has been exfiltrated from TicketMaster, the threat group can continuously target the individuals through social engineering and phishing attempts. Large entities, especially those such as TicketMaster, must invest in anti data exfiltration technology to ensure no data is leaving their system without proper authorization.”

TicketMaster needs to say something. As in confirming what we already know and what they are going to do to ensure that they don’t get pwned again. They may not think that they have to say anything. But if they don’t, I guarantee that their troubles will multiply.

UPDATE: Ted Miracco, CEO, Approov Mobile Security had this to say:

   “Ticketmaster and LiveNation are not alone. ShinyHunters, a notorious black-hat hacking group, has claimed responsibility for major data breaches at companies including Microsoft, Tokopedia, Wattpad, Pluto TV, Animal Jam, Mashable, and many others. ShinyHunters employ sophisticated techniques like exploiting GitHub repositories, unsecured cloud storage, phishing attacks, and stealing credentials/API keys to gain unauthorized access.

   “The sophistication of these attacks underscores the necessity for robust security practices, including both cloud based API security used in combination with robust edge based security including mobile app attestation and runtime application self-protection (RASP) to defend against such attacks.”  

3 Comments »

Bell deploys 3800 MHz spectrum in select areas of Toronto and Kitchener-Waterloo

Posted in Commentary with tags on May 30, 2024 by itnerd

Bell has announced the deployment of 3800 MHz spectrum in select areas of Toronto and Kitchener-Waterloo, which will offer customers the country’s fastest mobile technology yet on what is already Canada’s fastest 5G+ wireless network.

With the acquisition of 3800 MHz in 2023, Bell secured the most 5G+ spectrum nationwide, adding high-capacity airwaves critical to the advancement of 5G. Bell 5G+ is expected to be even faster and more responsive, allowing for a superior mobile experience with peak theoretical download speeds of up to 4Gbps in select areas.

In addition to deploying 3800 MHz spectrum, Bell and Samsung are undergoing testing to demonstrate its optimal use. Right now, the two are utilizing 5 Component Carrier aggregation (5CCA) on a smartphone device (Samsung Galaxy S24 series) as a means to unlock the fastest mobile speeds available. The 5CCA technology allows the device to access 3800 MHz spectrum, together with Bell’s other available 5G spectrum. Notably, Bell achieved a significant milestone today becoming the first carrier in North America to successfully conduct a 5CCA test on a smartphone over a live production network leveraging 3800 MHz spectrum. During the field test, download speeds of over 2Gbps were achieved, which Bell confirms are the fastest mobile speeds recorded to date in Canada in the field.

By operating Bell’s 5G+ network on 3800 MHz spectrum, complemented with the existing 3500 MHz spectrum, Bell will deliver faster mobile speeds for things like downloading and streaming high-resolution videos, as well as uploading content to share on social media or for cloud photo backups. Bell’s 5G+ spectrum will also allow for greater capacity to manage more devices that connect to Bell’s wireless network and provide lower latency, which means real-time communication and immersive experiences can take place with lightning-fast response time.

For more details about Bell 5G+, including coverage, pricing, availability and compatible devices, please visit Bell.ca/network.

Leave a comment »

Token Expands Leadership Team With New CRO And CTO

Posted in Commentary with tags on May 30, 2024 by itnerd

Token, a revolutionary provider of secure, wearable authentication solutions, today announced the appointment of Robert Osterwise as Chief Technology Officer (CTO) and Tim Tonges as Chief Revenue Officer (CRO). Osterwise and Tonges join Token’s executive leadership team reporting to CEO John Gunn.

As CTO, Osterwise is responsible for advancing Token’s technology vision. He brings deep expertise across multiple areas including circuit design, firmware, and application development. Most recently, Osterwise held the role of Vice President Advanced Technology, Head of IoT, Digital Innovation, Emerging Technologies at Stanley Black & Decker. Before his tenure at Stanley Black & Decker, Osterwise was Technical Director at AT&T and held senior technology roles at Giesecke & Devrient.

As CRO, Tonges is responsible for Token’s sales strategy, revenue growth, and global expansion of the sales organization. Tonges brings more than 20 years of sales leadership experience with technology and cybersecurity solutions at leading companies including FusionStorm, Bell Microproducts, and Pomeroy. He has a history of driving triple digit growth and establishing category leadership.

About the Token Ring with BioTouchSecure

CISA, an agency of the US DHS, reports that 90% of ransomware losses are the result of phishing attacks and cybercriminals gaining access to networks as legitimate users. Token’s Next-Generation MFA Smart Ring stops these attacks by eliminating the inherent weaknesses in 20-year-old legacy MFA technology.

Token Ring is a simple, easy-to-implement, and user-friendly way to stop ransomware attacks. BioTouchSecure integrates capacitive fingerprint biometrics, the most secure form of user authentication, into an attractive wearable device for the ultimate in user convenience and enterprise security. Token Ring was recently honored with Fast Company’s 2024 World Changing Ideas Award.

Leave a comment »

« Older Entries
Newer Entries »