MSSP Market News: Snowflake Data Breach, Microsoft Recall Feature

Every business day, MSSP Alert delivers a rapid set of news, analysis and conversations from around the MSSP, MSP and cybersecurity world.

Reaching our inbox:
Send news, tips and gossip to Editor-in-Chief Jim Masters: (email protected).

Today’s Market News with MSSP Alerts:

1. Consequences of the Snowflake data breach and how to protect customers – A new report from Mandiant reveals what Wired magazine is calling what is now one of the largest data breaches in history. Customers of artificial intelligence and data analytics company Snowflake are being targeted for attacks using stolen credentials. Mandiant said Snowflake customers should implement two-factor authentication on their instances, noting that all breaches it observed involved customers who had not enabled the feature. Since Snowflake’s business relies heavily on working with its customers’ data, this breach could have far-reaching consequences.

2. Microsoft is reversing part of the recall – Microsoft’s upcoming AI-powered Windows Recall feature, which takes screenshots of a user’s active screen every few seconds, will undergo some changes in response to objections from security experts. On Friday, Microsoft announced in a blog post that the Recall feature will no longer be activated by default, requiring users to opt-in to use the feature. Additionally, users will need to complete the biometric enrollment process in Windows Hello to enable Recall, which reduces the risk of a hacker enabling it on an opted-out user’s computer.

3. Cylance Data Breach – Cylance responds to reports of data breaches. The company says data samples posted on the dark web appear to be old marketing data used by Blackberry Cylance. The company told BleepingComputer that no Blackberry data and systems relating to customers, products and operations were compromised.

4. New XDR/XSOAR integration – OpenXDR provider Stellar Cyber ​​is creating a new integration with Palo Alto Networks Cortex XSOAR, a security coordination and response platform, to streamline the cyber investigation workflow process from start to finish. This integration is expected to help security teams reduce mean time to detection (MTTD) and mean time to response (MTTR), two critical metrics monitored by most security team leaders.

5. Cyber ​​activity linked to China and Russia is growing — The new CyberThreat report from Trellix, an XDR provider: June 2024, details growing cyber activity related to threat actors linked to China and Russia, the emergence of phishing scams related to U.S. election donations, an unusual ransomware ecosystem, and a growing using hard-to-detect threat actors designed to bypass endpoint protection and response (EDR) technologies used by organizations around the world.

6. Using DBIR data for risk assessment — HALOCK Security Lab found a way to practically apply Verizon’s raw data to risk assessment and was recognized for its contributions to the 2024 Verizon Data Breach Investigations Report (DBIR). HALOCK’s HIT Index (HALOCK Industry Threat Index) leverages Verizon’s sourced dataset from the community, known as the VERIS Community Database (VCDB), which contains over 10,000 breach records in over 2,500 columns detailing the characteristics of each attack. The HIT Index is a detailed analysis of VCBD data against a set of cybersecurity protections. It states that the more often a threat appears in incident documents, the greater the likelihood that it will be the cause of a possible incident. A version of the HIT Index methodology has been submitted to the Center for Internet Security (CIS) and incorporated into the CIS Risk Assessment Methodology (CIS RAM 2.1), which is made freely available to the cybersecurity community.

7. Upcoming development of the privileged access management market – Analyst firm Technavio says the market size for privileged access management solutions will grow by 34.08% from 2024 to 2028, representing an increase of $10.71 billion. The demand for multi-factor authentication (MFA) for privileged accounts is driving market growth, with BYOD (bring your own device) becoming more widely adopted. However, issues related to system integration and interoperability remain a challenge.

8. Updated Compliance Platform as a Service – Compliance Scorecard, a provider of Governance-as-a-Service solutions built by MSPs for MSPs, has unveiled the latest version of its Compliance-as-a Service (CaaS) platform. The updated platform now includes advanced risk management tools, enhanced asset management capabilities, and new compliance reporting methods designed to help MSPs strengthen their cybersecurity service offerings and unlock new revenue opportunities. Compatibility Scorecard will be showcasing improved features as a silver sponsor at the Pax8 Beyond conference this week.