Securing the cloud

A burst of attacks on at least 100 Snowflake customers’ databases, all of which were not configured with multifactor authentication, accentuates the murky waters of responsibility in the cloud.

When Snowflake disclosed the series of identity-based attacks targeting its customers’ environments on May 30, the company mostly pinned the blame on customers that didn’t use MFA and leaked credentials. The cloud-based data warehouse vendor does not enforce MFA by default or require its customers to use the technology.

Having MFA built into services by design and on by default is a cornerstone of the Cybersecurity and Infrastructure Security Agency’s secure-by-design principles.

CISA unveiled the initiative in April 2023 and last month announced voluntary commitments from dozens of major technology companies to embrace secure development practices over the next year. The security-by-design pledge has been signed by 140 companies to date, but not Snowflake.

“The idea of a secure-by-design pledge should just not be a thing. The reason it has to be a thing is companies are not doing the right thing,” said Chester Wisniewski, director and global field CTO at Sophos.

“People, given the choice, will continue to choose the wrong thing,” he said. “The lowest-common denominator of security should be stepped up.”

Snowflake asserts shared responsibility, sets changes in motion

Snowflake says the attacks on customers’ databases were not caused by a vulnerability, misconfiguration or breach of its systems. Rather, the cause was an attacker’s use of stolen credentials for customer systems unprotected by MFA, according to the company and its incident response firms Mandiant and CrowdStrike.

Snowflake’s approach to MFA bears inherent limits for its IT administrators. An instance of Cisco Duo that is managed by Snowflake is the only MFA solution available to its customers, and the company doesn’t allow administrators to enforce MFA for a specific role, according to the company’s MFA support page.

“This means Snowflake leaves it up to every user to decide whether they want to enroll with MFA or not,” Ofer Maor, co-founder and CTO at Mitiga, said via email. “While other vendors may also offer the ability to start without MFA, most SaaS vendors, once deployed as an enterprise solution, allow administrators to enforce MFA.”

As pressure mounted on Snowflake and its customers last week, Snowflake CISO Brad Jones said the company is developing a plan to require customers to implement advanced security controls such as MFA or network policies.

Details of the plan were scant, however, including what exactly Snowflake will require of its customers and if it will turn on MFA by default across its platform. Snowflake did not respond to a request for additional information on its security improvement plan.

MFA options need not apply

Cybersecurity experts acknowledge the merits of Snowflake’s position, buoyed by the cloud sector’s shared responsibility model, wherein vendors protect underlying infrastructure and customers secure their data with proper configuration and management. But many describe MFA as a baseline control that bolsters access to enterprise infrastructure and makes a significant impact in thwarting attacks.

“At every corner, when you give organizations a choice about doing the secure thing or not, a large percentage of them are not going to do the right thing,” said Wisniewski.

“Do we continue to allow people to shoot themselves in the foot?” Wisniewski said. “As a security person, my instinct is to say no. We should take away the option to harm yourself. If we give you the choice to do the right thing, and you can't seem to choose to do the right thing, then maybe it just shouldn't be a choice anymore.”

Without hard and fast rules, balancing responsibilities with these dynamics is a tricky proposition.

Placing too much accountability with technology vendors might be an overcorrection that reduces the collective responsibility all stakeholders have in maintaining security, according to Kaustubh Medhe, VP of research and threat intelligence at Cyble.

Some cloud providers have embraced a measured approach to MFA by making services default secure, not default convenient, in particularly risky scenarios, said Charlie Winckless, VP analyst at Gartner.

“Accountability and responsibility in such a model lies with the client, but the provider is focusing not on convenience and speed, but security — helping their client to be more responsible,” Winckless said. “Providers can improve their credibility by providing secure defaults and helping clients — who may not be security practitioners — understand the risks they are incurring.”

Minimum expectations for security controls are shifting quickly, and the unfortunate reality is that credentials to enterprise systems without MFA are heavily targeted by attackers.

In 2023, attackers used compromised legitimate credentials to gain access to victim environments in almost 40% of ransomware attacks where the initial access vector was identified, Mandiant said this month in a threat intelligence report.

“We’re not living in 2006 anymore,” Wisniewski said. “There’s really not a good reason, when you’re allowing people to potentially store incredibly sensitive information that you’re not ensuring that there’s at least that speed bump in the way.”

Weak credentials and misconfigurations across cloud systems were at the root of 3 in 4 network intrusions during the first half of 2024, Google Cloud said in its Threat Horizons Report.

Google Cloud said systems with weak or no credentials were the top initial access vector, accounting for 47% of cloud environment attacks during the first six months of the year. That’s a slight decrease from the second half of 2023 when weak or no credentials were at the root of 51% of attacks, according to Google Cloud.

Misconfigurations were the initial access vector for 30% of all cloud environment attacks during the first half of 2024, marking a significant jump from 17% in the second half of 2023.

Poor identity governance is a chronic condition that cybersecurity professionals, threat hunters and incident response firms have been sounding the alarm over for years.

Legitimate credentials were at the root of a spree of attacks in April targeting more than 100 Snowflake customer environments, resulting in massive data breaches at AT&T, Advance Auto Parts, Pure Storage and other organizations.

Snowflake customers’ credentials were obtained from multiple infostealer malware infections on non-Snowflake owned systems, according to the cloud-based data warehouse vendor and Mandiant. Impacted customer accounts were not configured with multifactor authentication, Mandiant’s investigation found.

Dozens of companies recovering from data theft, extortion demands and advertisements for the sale of allegedly stolen data on the dark web remain mostly shrouded in mystery.

A ransomware attack snarled the U.S. healthcare industry for months earlier this year when an attacker used stolen credentials for a Citrix remote access server to gain access to systems used by Change Healthcare, a subsidiary of UnitedHealth Group. The Citrix portal did not have MFA turned on.

“Weak or no credentials remained a key driver of initial access, accounting for the most frequent successful vector and the second most commonly seen trigger for detection rules,” Google Cloud said in the report.

The identity challenge confronting enterprises is persistent. The Cybersecurity and Infrastructure Security Agency pinned more than half of all attacks on critical infrastructure networks and state and local agencies on valid account credentials in 2022.

In almost 40% of ransomware attacks Mandiant responded to last year, cybercriminals used legitimate credentials or brute-force attacks to gain initial access to victim environments.

IBM X-Force’s annual Threat Intelligence Index report found valid account compromises accounted for almost one-third of global cyberattacks last year, making it the most-common initial access vector for attacks in 2023.

Microsoft will require multifactor authentication for all customers to sign-in to Azure portal, the Microsoft Entra admin center and Intune admin center starting in October, the company said in a blog post.

The company began to send 60-day notices to all Entra administrators impacted by the change. Microsoft said it will review requests from customers with complex environments or technical barriers for additional time to implement mandatory MFA.

Microsoft will phase in MFA at sign-in for Azure Command Line Interface, Azure PowerShell, Azure mobile app and infrastructure as code tools in early 2025, the company said.

The MFA mandate is part of Microsoft’s Secure Future Initiative, an effort the company started in November to overhaul its cybersecurity strategy by integrating key security features into its platforms and services.

Microsoft CEO Microsoft Nadella doubled down on the company’s commitment to advance cybersecurity protection in April, making security the top priority after a withering report from the federal Cyber Safety Review Board criticized the company for prioritizing speed to market over security.

MFA adoption in enterprises remains a sticking point and a key difference maker in potentially preventing catastrophic attacks.

Two of the nation’s most damaging cyberattacks this year — a February ransomware attack against Change Healthcare and a wave of attacks targeting more than 100 Snowflake customers — were attributed to systems without MFA.

Microsoft’s cloud platform Azure serves as the backbone for the infrastructure, compute and services it provides to customers. Microsoft, the second-largest hyperscaler behind Amazon Web Services, ended the second quarter with a 23% share of the cloud infrastructure services market, according to Synergy Research Group.

Microsoft’s MFA mandate on Azure is firm, but the company is being flexible with the types of MFA customers can use to meet the requirement.

Customers can use Microsoft Authenticator, FIDO2 security keys, certificate-based authentication, passkeys and text message or voice-based approval to enforce MFA through Microsoft Entra, the company said.

Cloud security is a top priority for organizations around the world, Thales found in a study released. The report is based on a survey of 3,000 IT and security professionals from 18 different countries.

More than 2 in 5 respondents said they have had their cloud environments breached in the past, with 14% of respondents reporting a breach in the past year. 

For nearly one-third of incidents, human error and misconfiguration are to blame. Respondents also cited the exploitation of known vulnerabilities in 28% of breaches and failure to use multifactor authentication in 17%.

Thales research comes at a time when cloud security is under heightened scrutiny.

Leading cloud providers, such as Microsoft and others, have been targeted by sophisticated threat groups targeting companies, government agencies and other organizations that store data in the cloud. 

A wave of attacks have impacted at least 100 Snowflake customer environments, with those incidents linked to failure to use MFA.

“The cloud is not inherently more secure than on prem,” Todd Moore, VP of data security products at Thales, said via email. “Security is determined entirely by the measures put in place to identify and protect the data within the cloud, and this responsibility lies between providers and users.”

As cloud use becomes more prevalent, companies are finding the attack surface — and the complexity of the network environment — are becoming more complicated. 

Application sprawl is partially to blame. The Thales study found two-thirds of organizations say they use 25 or more SaaS applications. And nearly half of data in the cloud is considered sensitive. 

Despite the high level of sensitivity, only 10% of organizations say they have encrypted 80% of their data.

Organizations with weak cloud security controls and gaps in cross-domain visibility are getting outmaneuvered by threat actors and struck by intrusions, CrowdStrike said in its annual Global Threat Report.

Cloud environment intrusions jumped 75% from 2022 to 2023, as threat actors abused unique cloud features to initiate attacks, the report found.

“This is not surprising,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “We've seen more and more organizations deploying more and more cloud resources without necessarily having a cohesive or equivalent security posture for their cloud deployments as they do in their traditional enterprise deployments.”

Threat actors are taking advantage of inconsistent cloud security structures and “living in that uncertainty between the enterprise and the cloud,” Meyers said last week during a media briefing.

Cybercriminals are using the cloud to deploy tooling, such as Microsoft Azure run commands, inside enterprise targets, according to Meyers.

More than 4 in 5 cloud intrusions directly attributed to a threat actor last year were financially motivated, the report said.

Earlier this month, Proofpoint researchers warned about an ongoing Microsoft Azure account takeover campaign that has impacted more than 100 organizations. The financially-motivated threat actors behind these attacks are targeting individual employees, including executives.

Cyberattacks conducted by cloud-savvy threat actors, or groups that are aware they gained access to a victim-owned cloud environment and use that access to abuse the cloud service, increased 110% last year, according to CrowdStrike.

“These adversaries continue to develop new and innovative ways to operate within the cloud,” Meyers said.

“We also see them using clouds for persistence where they can maintain their persistence into a target if they are detected and a system gets remediated,” Meyers said. “Oftentimes, they’re able to create another account inside the cloud to come back through.”

Chris Betz is neither fearful nor overly optimistic about the role of generative AI in cybersecurity. Instead Betz, CISO at AWS, balances both ends of the spectrum — he treats it just as he does any other burgeoning technology.

“For what it’s worth, I’m not sure that the sky is falling,” Betz told Cybersecurity Dive.

The security industry has not yet seen evidence that substantiates broad concerns about threat actors using generative AI to initiate cyberattacks more quickly, more often or with more damaging outcomes.

While researchers expect AI to amplify the impact for defenders and attackers, threat actors' use of AI in their operations is limited, according to Crowdstrike’s annual global threat report. “Throughout 2023, generative AI was rarely observed supporting malicious computer network operations development and/or execution,” the firm said last month in the report.

It’s tough and too early to say if the advantages afforded by generative AI rest with defenders or attackers, according to Betz. Threat actors and security professionals are leveraging the technology in scenarios that play to their strengths.

For defense, generative AI can resolve problems faster and more efficiently. Organizations can use AI to scan for hard-to-find vulnerabilities and determine steps for remediation.

“There's a ton of information for security analysts to understand. There's a ton of information for an application security engineer to understand. That ability to synthesize, to help answer questions, to help lead and find the right data and bring it together in a usable way is incredibly powerful for defenders,” Betz said.

“That's perhaps the place where attackers are not quite in the same place. They don't have that rich data about the people that they're attacking. And so this could be a case where there's an advantage to the defender.”

AWS wades into generative AI

While the other cloud giants Microsoft Azure and Google Cloud have rushed to scale products built on generative AI, AWS is taking a cautious approach. Company executives aren’t keen to overemphasize the capabilities of generative AI, yet Amazon has released multiple products built upon the technology.

The world’s largest cloud infrastructure operator presents generative AI, and the products it's built around it, as a tool that requires AWS to apply the same underpinnings it does with any other technology. Consistent data governance models, identity and access management, logging and traceability are critical, Betz said.

His conversations with customers on generative AI typically revolve around unforeseen risks and the opportunities businesses have to improve operations and build applications with the technology in a secure manner.

The flipside is that attackers now have access to the same tools, and “that’s always been true in cybersecurity and always been true in technology,” Betz said. “That doesn't mean that there are not real threats that we need to pay attention to here.”

Threat actors could gain significant leverage from the social engineering capabilities and faster code development attributes of generative AI, according to Betz. Yet that outcome, too, isn’t determined or irreversible. “It’s hard to read at this point,” Betz said.

The ability to deliver generative AI’s capabilities in a way that exceeds the same bars of integrity, competence and trust as other AWS technologies is what’s important, he said.

“It’s a tool in the toolbox. It’s not the only tool. It’s not a magic wand that could change the world, but there’s some really cool ways that you can use it,” Betz said. “I’m more focused on using it than trying to figure out the relative advantage. It’s just an important tool.”

Snowflake once again tried to distance itself from a wave of attacks that hit more than 100 Snowflake customer environments in April. The cloud-based data warehouse vendor said responsibility for security rests with its customers, not Snowflake.

“As extensively reported, the issue wasn’t on the Snowflake side,” CEO Sridhar Ramaswamy said during the company’s earnings call in August for the quarter ending July 31. “After multiple investigations by internal and external cybersecurity experts, we found no evidence that our platform was breached or compromised. However, we understand that when it comes to cybersecurity, we are all in this together.”

The attacks had no impact on Snowflake from a consumption standpoint during the quarter, CFO Michael Scarpelli said during the call. And there’s no indication the attack spree on Snowflake customers impacted the company’s financial performance.

Snowflake’s response to the attacks on its customers, and the message it conveys on cloud security ownership, has been consistent and firm: responsibility lies with customers. 

One reason Snowflake remains “slightly muted” about the attacks is because the company itself wasn’t directly impacted, Ramaswamy said during the call.

“The people that got breached, these are our customers, and we want to work closely with them to make sure that they get out of the difficult situation that they are in,” Ramaswamy said.

“There’s not really been any noticeable impact or delay in things like our ability to sign up new customers or get existing customers to deploy new projects,” he said. “We just need to be more proactive about having the security conversation, and we absolutely do that.”

Three months after the attacks hit customer environments without multifactor authentication turned on, Snowflake established a new policy in July to allow administrators to require MFA for all users or specific roles.

MFA is now enabled by default for all newly created customer accounts, but the security control remains optional for existing customers.

“This whole situation is unfortunately representative of a very messy cybersecurity market,” Katell Thielemann, VP distinguished analyst at Gartner, said via email.

“Too many CISOs think they can ‘buy’ security only to find out after the fact their cybersecurity vendors only sell tools and do not share their sense of security posture ownership,” Thielemann said.

Snowflake’s MFA policy reflects the challenges technology vendors confront in instituting sweeping changes to a widely used platform. The company employs a shared responsibility model where customers are solely responsible for creating and securing access credentials to the Snowflake platform.

The burst of attacks on Snowflake customers’ databases tested the cloud market’s shared responsibility status quo.

“Too many CISOs think they have signed up for a shared responsibility model when in fact they cannot abdicate security ownership to any vendor,” Thielemann said.

Having MFA built into services by design and on by default is a cornerstone of the Cybersecurity and Infrastructure Security Agency’s secure-by-design principles. Snowflake is one of nearly 200 companies that have signed CISA’s secure-by-design pledge and voluntarily committed to embrace secure development practices over the next year.

Snowflake’s revenue increased 29% year over year to nearly $869 million in its fiscal 2025 second quarter. The company reported no financial impact from the attacks on its customers, yet losses widened to almost $317 million, up from almost $227 million in the year-ago quarter.

Google Cloud’s VP and CISO Phil Venables is unequivocally convinced generative AI can and will give defenders an advantage over attackers, and by quite a significant margin in the next three to five years.

Venables and his colleagues at Google argue AI can reverse the defender’s dilemma, a “classic truism, if not cliche, that attackers only have to be right once but defenders have to be right all the time," he told Cybersecurity Dive.

Google launched the AI Cyber Defense Initiative last month to advance the development of AI for digital security. A corresponding report it published at the same time proposes the development of autonomous cyber defenses, and research in the design, build and use of AI in system safety.

Most of the report is visionary with forward-looking examples that have yet to materialize, including AI-integrated defensive systems with access to telemetry and analysis, tools that manage and fix an organization’s attack surface and systems that learn from global attack data and find vulnerabilities more comprehensively than attackers.

The structural characteristics of AI fuels Venables' optimism in developing foundation models trained on threat data, institutional data and security knowledge and tooling that can add up to at least a tenfold transformation in capability and productivity.

“Fundamentally, when you think about what an AI is and does it’s something that’s trained on a set of data and then fine tuned with an organization’s own data, plus a lot of the tuning of the organization’s context and expertise,” Venables said.

“This is exactly the asymmetry in the favor of the defender, because we as defenders can fine tune an AI to be our perfect assistant to the whole of the environment. Whereas an attacker has to be generic across everything,” Venables said.

“By the way, if the attacker had all the data that the organization has then they don’t need to attack anyway because they’ve already won.”

Attackers’ AI use remains narrow, by design

Executives at many cybersecurity firms view generative AI as a viable mechanism to boost defense and lift the performance of their respective businesses, but not everyone is convinced the technology will deliver significant benefits.

Defenders can already reorient systems around resilience and reclaim attacker advantages for themselves with modern software engineering practices, according to Kelly Shortridge, senior principal engineer in the CTO office at Fastly.

“I think it’s pretty much a solution in search of a problem, especially in cybersecurity,” Shortridge told Cybersecurity Dive last year, commenting on generative AI technology broadly. “I think we want to be part of the new hotness, but we don’t really understand how it applies.”

Security researchers have yet to observe evidence of threat actors using generative AI to substantially improve their operations or initiate cyberattacks. But just because AI hasn’t proven to be effective for attackers to date, doesn’t mean the same outcomes will apply to defense.

“What excites me about the opportunity, particularly in security going forward, is just the ability for us to augment both human operations capabilities to analyze threats more quickly, and to generate more automated defenses ever more quickly,” Venables said.

The “slightly cynical reason” attackers haven’t extensively added AI to their arsenal of tools thus far is because they haven’t had to, Venables said. Threat actors are achieving their goals without AI.

“I like to think that attackers are rational economic actors. They're not going to spin up a whole bunch of activity when they’re being successful every day with their traditional techniques,” Venables said.

Threat actors are using AI to craft more accurate and luring phishing campaigns, which is the “perfect use case because it can mass produce” messages in a place that gives attackers the maximum economic return as they social engineer their way into some form of unauthorized access, Venables said.

Rewards outweigh risks

His predictions for AI in security contrast with his counterpart’s current outlook for the technology at AWS. AWS CISO Chris Betz told Cybersecurity Dive last week it’s too early to say if the advantages afforded by generative AI rest with defenders or attackers.

“There's clearly a long way to go in terms of adoption, integration, fine tuning and making it real inside organizations,” Venables said. “But I definitely think that, medium to long term, it gives defenders a pretty significant structural advantage.”

Flipping the script on security with a big assist from AI requires some degree of expertise in an organization, specifically as it integrates AI models with tools, internal data and context.

“For many organizations, there's still a lot of basic vulnerabilities that have yet to be closed down,” Venables said.

AI can help businesses identify problematic vulnerabilities, he said. The technology can also serve as a guide for proper configurations in cloud or on-premises infrastructure and the right way to construct software.

“The common pattern across all of this is, AI is great at many things when they're acting on their own, but they're typically great at most things when you use them as a complement to a human activity,” Venables said. “You're using it to amplify skills and productivity of an existing human, and I think that’s pretty exciting.”

There are a few signals, or leading indicators, Venables is looking for as evidence of defenders gaining the upper hand with AI:

• Increased productivity of the security team’s efforts
• Expanded sensory coverage with the same amount of people and tools
• Quickened resolutions of a known new threat or vulnerability

When, and if, these outcomes are realized with AI for cyber defense, the lagging indicators of fewer cyberattacks and security incidents will almost be guaranteed, according to Venables.

While Venables has broad concerns about how organizations can safely adopt AI, he doesn’t foresee risks akin to the overcorrected images Google’s next-generation large language model, Gemini 1.5, generated soon after its release in mid-February.

“We're literally just using its very deep structural analysis capability to look at a context of data against a foundation set of knowledge,” Venables said. “You do have to be careful to fine tune its output but you're generally not subject to the same types of risks that you would do if you're just running it as a general image generator or a general chatbot out there being subject to any type of prompt.”

Businesses around the world screeched to a halt on July 19 after millions of Windows computers crashed, flashing the dreaded blue screen of death. The culprit: a software update in security vendor CrowdStrike's platform, which led to hours of disruption for some — and days for others.

The IT outage grounded airlines across the country and crashed banking apps, showing the tangible effects a bad piece of code can have in any IT-dependent operation. 

In the aftermath of the CrowdStrike outage, analysts stressed to CIOs and other tech leaders the need for closer scrutiny over automatic software updates. Part of the problem is a steady push toward broader IT automation and the industry's disproportionate reliance on centralized vendor updates.

"There's been an almost crazed drive towards automation of SaaS over the last five years," said Phil Fersht, CEO and chief analyst at HFS Research. 

"This is a big, big wake up call to the whole IT industry's overreliance on a blind trust that everything's just going to be upgraded," said Fersht. "Fairly small code issues can cause massive ramifications as we've just seen."

The faulty update that triggered CrowdStrike's global outage was live for little more than one hour, but automated updates amplified its reach. Fortune 500 companies grapple with financial losses from the outage, surpassing $5.4 billion, according to one estimate. 

"I think it's just been a little bit of complacency," Fersht said. "Too much trust in big tech that, as long as we buy Microsoft, for example, everything's going to be fine."

Automation frustration

The CrowdStrike outage showed the consequences of a critical software failure landing in widely adopted solutions by way of automatic updates.  

Automating IT updates slowly grew in popularity, driven by the availability of package-manager utilities in Unix and later Linux, said Charles Betz, research director at Forrester. Centralized patch management soon emerged for laptop fleet management, and then Microsoft's move to cloud-based solutions like Microsoft 365 provided a watershed moment.

"I think the convenience has been seductive," Betz said. 

Without proper quality assurance mechanisms, blind trust in automated vendor updates can lead to widespread issues in critical systems.

"Automation replicates a result quickly and consistently without regard for the virtue of that result," said John Annand, research director at Info-Tech Research, in an email. "A bad change propagates just as fast as a good change."

IT downtime, no matter the root cause, can impact operations and fuel customer frustration. It also comes with a high sticker price: downtime costs U.S. businesses more than $400 billion per year, according to Splunk data.

It's up to technology leaders to stave off the effects of future faulty software updates by putting safeguards in place, according to Annand. As IT organizations look to AI and automation, the outage highlighted the need for internal checks and balances, Annand said.

Preventing the next big one

Analysts have flagged the importance of risk mitigation techniques such as canary deployment — preliminary rollouts under controlled conditions prior to broader deployments. 

Following the outage, CrowdStrike announced it is taking steps to restore customer confidence, such as adding additional validation testing and releasing new updates through a staggered deployment strategy. 

"Quality assurance and regression testing are critical," said Jen Kling, Microsoft global partnership director at TEKsystems. "You cannot just blindly trust whatever updates are being pushed out."

Executives must consider whether critical systems and applications should adhere immediately to release cycles or if it's pertinent to delay updates until their operational safety can be confirmed.

"When you do your business continuity and your disaster recovery planning, you have to think about how quickly you accept those" updates, said Kling. "There were a lot of companies that immediately accepted what was pushed out."

In the post-CrowdStrike world, a shift in perspective is already underway.

"There's going to be, and already is, a greater level of stringency around testing upgrades," Fersht said. "You can do digital twin models, more and better use of synthetic data, better testing of these things before they occur."

Matt Ashare contributed to this story.