Dive Brief:
- The Cybersecurity and Infrastructure Security Agency is responding to a compromise at data analytics firm Sisense, the agency said Thursday in a security alert.
- The company, with offices in New York, Tel Aviv and London, is a business intelligence and data analytics platform for businesses around the world. CISA urged Sisense customers to reset credentials and any secrets potentially exposed to the attack.
- CISA said it is working with private sector partners to investigate the supply chain attack, with particular focus on critical infrastructure providers.
Dive Insight:
CISA provided few details on the nature of the attack, but security researchers warn the impacts could be widespread.
The attack appears to have started when undisclosed threat actors gained access to the company’s GitLab code repository, according to security journalist Brian Krebs. The repository included credentials or tokens that could provide access to the company’s Amazon S3 buckets, according to the report.
Security analysts said the attack is an example of the growing risks associated with identity management.
“The first [trend] is that misconfiguration of security infrastructure and cloud applications is a major cause of breaches,” Peter Firstbrook, distinguished VP analyst at Gartner, said via email. “It is not enough to have the best products; they need to be continuously monitored for the correct configuration. The second is that identities are under attack.”
Security researcher Marc Rogers said on X, the site formerly known as Twitter, that a key issue with Sisense is that the company requires access to the confidential data sources of its customers. The company has direct access to Java Database Connectivity connections, secure shell protocol and SaaS platforms.
Sisense reached out to customers on Thursday with a list of mitigation measures, including instructions to reset keys, tokens or other credentials, Krebs reported.
Hyperproof, a SaaS risk and compliance startup firm, released a notice Thursday saying it had terminated its relationship with Sisense at the end of March and removed Sisense code from its own, according to a blog post. That earlier decision was not related to the breach, according to Hyperproof.
However, Hyperproof officials said there may be some overlap with data that still resides at Sisense.