Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Already in 2024, nearly 10,000 publicly disclosed global data breaches affected hundreds of millions of user records. Apple, Meta, and Twitter all succumbed to data breaches in 2024 (and numerous times in the past), providing the public and its shareholders with a stark reminder that malicious activity constantly makes user data susceptible to cybercriminal activity, no matter the platform or level of password security.

It had already been a challenging few weeks for Live Nation Entertainment, Inc. as they faced down a lawsuit from The Justice Department regarding anti-competitive practices. Things got worse at the end of May when a cybercriminal known as “SpidermanData” claimed to have breached a huge database of 560 million records (including personal and financial data) belonging to TicketMaster Entertainment, LLC – a Live Nation company.

Recent reports reveal that up to 165 customers of Snowflake, a prominent cloud data warehousing platform, have fallen victim to a sophisticated data breach and extortion campaign. This ongoing operation, identified by cybersecurity firm Mandiant as UNC5537, underscores broader implications for cybersecurity practices in cloud environments. Understanding the UNC5537 Campaign.

Some organizations are just beginning their migration to the cloud, while others are already firmly settled there, but almost everyone is in the cloud in some capacity by now. And for good reason: the cloud creates substantial advantages in speed, scalability, and cost. But the sobering reality is that modern threat actors have also made gains from migrating to the cloud. By weaponizing cloud automation, these threat actors can fully execute an attack in 10 minutes or less.

The interconnected nature of our digital economy requires a shift in how companies think about their cyber risk. Companies need to consider the broader system and how to build mutual support with their entire cyber ecosystem– customers, partners, and vendors. Yet, today, most companies still rely on manual vendor onboarding, monitoring, and point-in-time external security reports to manage supply chain cyber risk – even top Fortune 500 companies.

Hackers recently claimed on a known cybercrime forum that they had stolen hundreds of millions of customer records from Santander Bank and Ticketmaster. It appears that hackers used credentials obtained through malware to target Snowflake accounts without MFA enabled. While it's easy to blame Snowflake for not enforcing MFA, Snowflake has a solid track record and features to protect customer data. However, errors and oversight can happen in any organization.

In an alarming revelation, First American Financial Corporation, the second-largest title insurance company in the United States, disclosed that a cyberattack in December resulted in a significant data breach affecting 44,000 people. This incident underscores the importance of robust cybersecurity measures and services such as phishing takedown, online risk evaluation, stolen credentials detection, and darknet monitoring.

In a significant cybersecurity incident, Cencora, a leading pharmaceutical services provider, experienced a data breach in February 2024, exposing sensitive patient information from 11 major pharmaceutical companies. This breach underscores the critical importance of robust enterprise risk management, vulnerability management, and endpoint security in protecting sensitive data and managing online reputation.

On May 20th, 2024, Live Nation, the parent company of Ticketmaster, uncovered "unauthorized activity" within one of its cloud databases. This breach was swiftly followed by the hacker named called ShinyHunters claiming responsibility. The repercussions of this incident are vast, impacting millions of users and revealing significant vulnerabilities in the security infrastructure of one of the world's largest entertainment companies.

On May 20, 2024, Live Nation discovered and disclosed an unauthorized activity in its third-party cloud database environment, which was eventually identified to be Snowflake, in its SEC filing. The database contains information regarding the company, primarily from its Ticketmaster subsidiary. Following this filing and in the following days, analysts discovered multiple clients of Snowflake have had data posted on the Dark Web for sale.