While details are still emerging, the US federal government has issued a password compromise warning to customers of business analytics platform Sisense and encouraged immediate recovery.
The Cybersecurity and Infrastructure Security Agency (CISA) advisory urges Sisense customers not only to do so reset your credentials on the platformbut also for the passwords of any other sensitive data potentially accessible through the Sisense services.
The software-as-a-service (SaaS) platform uses what it calls “AI-powered analytics” to provide insights to more than 2,000 companies including Air Canada, Nasdaq and ZoomInfo.
Sisense did not respond to Dark Reading’s request for comment.
According to Patrick Tiquet, vice president of security and architecture at Keeper Security, Sisense is an ideal target for threat hunters interested in launching advanced cyberattacks on the supply chain.
“Attackers may seek to leverage their access to further infiltrate the connected networks of Sisense customers, creating a ripple effect along the supply chain,” Tiquet said in a statement. “Sisense customers should immediately follow CISA’s guidance and reset credentials and secrets that have been exposed or used to access Sisense services.”
Possible attacks on the Sisense supply chain
The federal government’s quick response is a sign that the Sisense compromise is being taken very seriously, Sean Deuby, principal technology expert at Semperis, said in a statement, calling the CISA notice “disturbing at best.”
“As we know from recent breaches disclosed by MGM Resorts AND Palace of the Caesars“, the supply chain continues to be the most difficult arena to secure and is a breeding ground for cyber adversaries,” Deuby’s statement continued. “And these two examples unfortunately pale in comparison to the damage caused by supply chain attacks such as I want to cry, SolarWindsAND Cashierwhich impacted tens of thousands of organizations and cost hundreds of millions in incident response and recovery costs.”
In addition to password resets, Jason Soroko, Sectigo senior vice president of product, recommends Sisense customers take a look at API password keys.
“Details about the Sisense breach are unknown; however, my advice for action would be to change the passwords of any Sisense accounts, reset the API keys used for services associated with Sisense, and watch for any unusual activity from April 5 onwards” , Soroko said. in a statement.