CISA Issues Sisense Data Breach Warning, Potential Supply Chain 'Ripple Effect'

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a data breach at Sisense, a data analytics services provider.

CISA said it’s collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense.

CISA urges Sisense customers to:

“CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations,” the agency said.

Sisense develops business intelligence and data analytics software for big companies, including telcos, airlines and tech giants. Sisense’s technology allows organizations to collect, analyze and visualize large amounts of their corporate data by tapping directly into their existing technologies and cloud systems.

Companies like Sisense rely on using credentials, such as passwords and private keys, to access a customer’s various stores of data for analysis.

Sisense CISO Addresses Data Breach

Related:AT&T Data Leak Exposes 73 Million Customers' Information

According to Krebs on Security, Sisense CISO Sangram Dash told customers the company had been made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)”

“We are taking this matter seriously and promptly commenced an investigation,” Dash told customers. “We engaged industry-leading experts to assist us with the investigation. This matter has not resulted in an interruption to our business operations. Out of an abundance of caution, and while we continue to investigate, we urge you to promptly rotate any credentials that you use within your Sisense application.”

Sisense didn’t respond to our request for comment.

Sisense Customers Potentially Targeted

Patrick Tiquet, vice president of security and architecture at Keeper Security, said the widespread use of Sisense by large companies across a wide variety of industries amplifies the scope and severity of the reported unauthorized access into Sisense’s systems.

Keeper Security's Patrick Tiquet

“Attackers may seek to exploit their access to further infiltrate the connected networks of Sisense’s customers, creating a ripple effect down the supply chain,” he said. “Customers of Sisense should follow CISA’s guidance immediately, and reset credentials and secrets that have been exposed to or used to access Sisense services. With a supply chain attack, the ultimate target is not the company that’s initially breached, but rather the customers and business partners the company works with. By breaching a single service provider’s network, a threat actor can gain access to dozens–even hundreds or thousands–of other organizations, from large enterprises to government agencies.”

Related:Data Breaches Hit Bank of America, Prudential

Narayana Pappu, CEO of Zendata, said SaaS platforms, including Sisense, rely on multiple third-party suppliers for non-core platform functions, such as access management, communication, CDN support, payments and more.

Zendata's Narayanu Pappu

“This opens themselves up to potentially new attack surfaces,” he said. “Having strong password policies, coupled with multifactor authentication (MFA), supplier security audits and continuous monitoring, would protect the platforms from supplier attacks like the one Sisense experienced.”

Leapfrogging to Larger Organizations

Dan Schiappa, Arctic Wolf’s chief product officer, said based on the “bread crumbs,” there are several possibilities that could have led to this incident.

“The most likely scenario is that there was a misconfiguration somewhere, whether that was an exposure via an on-premises server that threat actors identified or through other systems,” he said. “More and more, we see advanced threat groups leveraging attacks like this on vendors because they recognize it as an opportunity to leapfrog into much larger companies. These attackers know that if even one element of an organization's supply chain is unsecure, they can exploit that vulnerability to gain access to a wealth of private information – which could be detrimental to not just that company, but to all of its customers and partners as well.”