YetiHunter: Open-source threat hunting tool for Snowflake environments
2024-06-14 10:26

Cloud identity protection company Permiso has created YetiHunter, a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise.

Cloud-based data storage and analytics company Snowflake has recently stated that attackers have accessed accounts of some of its customers by leveraging compromised credentials.

Both companies have provided indicators of compromise and advice on how potential victims can check for suspicious activity in their Snowflake accounts and data assets.

"We wanted to provide a free, open source tool to help analysts review TTPs and atomic indicators associated with recent attacks targeting Snowflake users. We've done this with other open source tools like CloudGrappler, Cloud Console Cartographer and LogLicker."

"By casting a wider net of indicators and centralizing them in a single script, YetiHunter can provide a comprehensive way to triage threats in your Snowflake environment," Ahl noted.

"We will continue to update the tool in order to keep up with the TTPs of threat groups that are leveraging compromised credentials to infiltrate Snowflake instances of organizations."


News URL

https://www.helpnetsecurity.com/2024/06/14/snowflake-threat-hunting/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Snowflake 5 0 4 7 0 11