July 11, 2024
By Rodman Ramezanian - Enterprise Cloud Security Advisor, Skyhigh Security
It’s a familiar story. An employee’s credentials are stolen by a hacker who uses them to access and exfiltrate troves of data containing sensitive information on millions of customers. The hacker sells the data on the dark web, damaging the reputation of the company and the data privacy of its customers. The victims are never compensated.
The Ticketmaster breach reported in early July 2024, followed this common storyline. Allegedly perpetrated by the notorious cybercrime syndicate known as “ShinyHunters”, the breach compromised 1.3 terabytes of personal information and credit card data of some 560 million customers. The blame was placed on Ticketmaster’s third-party cloud data application provider, Snowflake. Purportedly, hackers used information-stealer malware to steal the login credentials of Snowflake employees. Once the attackers gained access, they created session tokens with the stolen credentials to exfiltrate significant volumes of customer data from Snowflake’s systems.
Security fundamentals 101: How basic security precautions could have prevented this breach
We learned from the 2024 Verizon Data Breach Report that 68% of breaches result from human error and a third are caused by misconfigurations and related issues. In the case of the Ticketmaster breach, Snowflake denied that there was any vulnerability or misconfiguration within its platform or any security weaknesses and stated that the breach was executed through compromised customer credentials. But the Mandiant post-incident report proved otherwise, revealing that the breached accounts in this incident did not have multifactor authentication (MFA) protections in place, and some of the credentials used in the hack had been compromised years prior. Even something as simple as changing passwords on a regular basis might have prevented this breach.
This familiar scenario highlights the fact that not only are organizations dropping the ball on basic security precautions and cultivating a security-aware mindset among employees, they are neglecting to integrate cloud application security into their overall security strategies.
Should organizations just try harder? Or is it time for a new approach?
The reality is that organizations are still struggling with getting employees to be security-minded. That’s why many leading-edge organizations are adopting password-less solutions and embracing Zero Trust architectures to get around the human error problem.
By adopting Zero Trust, organizations can prevent credentials from being used by hackers, even if they have somehow been stolen. Credentials are the crown jewels of digital security, and by simply monitoring the way they are being used, many breaches can be prevented.
Protecting the crown jewels with Zero Trust
In a Zero Trust architecture, advanced technologies enable continuous authentication and posture checks by monitoring users’ context, status, and activities beyond the initial point of authentication to distinguish between what is normal and what is anomalous.
In a Zero Trust architecture, security teams can apply appropriate policies to control access to private applications, web, and cloud resources so that when anomalous behavior is detected, access gets automatically blocked. Policies can be defined by device type (managed or unmanaged), device posture assessment, and access privileges. MFA and other contextual access policies within Zero Trust architecture also help stop the reuse of stolen cloud application credentials.
Beyond authentication, Zero Trust Network Access (ZTNA) protects data
In addition to fortifying user credentials from misuse by malicious actors, a Zero Trust architecture offers deep data inspection and classification using inline data loss prevention (DLP) to prevent inappropriate use of sensitive data. The industry-leading Skyhigh Security ZTNA unifies DLP and threat protection to provide security teams with greater visibility and control.
As hacking collectives like ShinyHunters continue to innovate and improve on their techniques, organizations should do the same with their security, and the Zero Trust architecture approach is a proven winner. That’s why 25% of Fortune 500 companies that use Skyhigh ZTNA to protect their data wherever it is stored, used, and shared most likely won’t be showing up in post-incident reports and articles describing breach details. Don’t let your organization become the next familiar story retold.
To learn more about how Skyhigh Security can protect your organization, take our interactive demo or view our solution brief. Read our most recent Intelligence Digest to find out more about the Ticketmaster hack.
Back to Blogs