While details are still emerging, the US federal government issued a password compromise warning to customers of business analytics platform Sisense and encouraged an immediate reset.
The advisory from the Cybersecurity and Infrastructure Security Agency (CISA) urges Sisense customers to reset not only their credentials to the platform, but also passwords to any other sensitive data potentially accessed through Sisense services.
The software-as-a-service (SaaS) platform uses what it calls “AI-driven analytics” to provide insights to more than 2,000 companies including Air Canada, Nasdaq, and ZoomInfo.
Sisense did not respond to Dark Reading’s request for comment.
Sisense is an ideal target for threat actors interested in launching advanced supply chain cyberattacks, according to Patrick Tiquet, vice president of security and architecture at Keeper Security.
“Attackers may seek to exploit their access to further infiltrate the connected networks of Sisense’s customers, creating a ripple effect down the supply chain,” Tiquet said in a statement. “Customers of Sisense should follow CISA’s guidance immediately and reset credentials and secrets that have been exposed to or used to access Sisense services.”
Sisense Supply Chain Attacks Possible
The federal government’s quick response is a sign the Sisense compromise is being taken very seriously, Sean Deuby, principal technologist with Semperis, explained in a statement, characterizing CISA’s advisory as “ominous at best.”
“As we know from recent breaches disclosed by MGM Resorts and Caesars Palace, the supply chain continues to be the most difficult arena to secure, and it’s fertile ground for cyber adversaries,” Deuby’s statement continued. “And these two examples unfortunately pale in comparison to the damage caused by supply chain attacks such as WannaCry, SolarWinds, and Kaseya, which impacted tens of thousands of organizations and cost hundreds of millions in incident response and recovery costs.”
In addition to password resets, Jason Soroko, senior vice president of product with Sectigo, recommends Sisense customers take a look at API keys.
“The details around the Sisense breach are unknown; however, my recommendations for action would be to change passwords of any Sisense accounts, reset API keys used for services associated with Sisense, and look for any unusual activity from April 5 onwards,” Soroko said in a statement.
Source: www.darkreading.com