Sisense Breach Highlights Rise in Major Supply Chain Attacks

Experts Warn of Growing Threat From Supply Chain Attacks After High-Profile Breach

Cybersecurity experts are raising the alarm about a surge in supply chain attacks targeting critical infrastructure sectors following a major breach at a business analytics firm that potentially exposed sensitive data belonging to global corporate giants.

The U.S. Cybersecurity and Infrastructure Security Agency is spearheading an investigation into the attack on Sisense - which provides data analytics services to organizations such as Nasdaq, Verizon, Philips Healthcare, Air Canada and hundreds more - after independent security researchers discovered the breach on April 10. The U.S. cyber agency issued a warning Thursday urging Sisense customers to reset login credentials, investigate any data "potentially exposed to, or used to access, Sisense services," and report any suspicious activity involving their credentials to CISA.

Many of the details of the attack are not yet clear, but the breach may have exposed hundreds of Sisense's prominent customers to a supply chain attack that gave hackers a backdoor into the company's customer networks, a CISA official told Information Security Media Group. Experts said the attack suggests trusted companies are still failing to implement proactive defensive measures to spot supply chain attacks - such as robust access controls, real-time threat intelligence and regular security assessments - at a time when organizations are increasingly reliant on interconnected ecosystems.

"These types of software supply chain attacks are only possible through compromised developer credentials and account information from an employee or contractor," said Jim Routh, chief trust officer for the software security company Saviynt. The breach highlights the need for enterprises to improve their identity access management capabilities for cloud-based services and other third parties, he said.

Security intelligence platform Censys published insights into the Sisense breach Friday. It found that the attack affected organizations across a wide variety of sectors, from sales and marketing to healthcare and social assistance. The company obtained screenshots of nearly 500 endpoints and identified the owners of at least 120 specific deployments or installations of the Sisense software that could be vulnerable or affected by the breach.

Industries such as internet and information technology, logistics, energy and utilities were also identified in the data, according to Censys.

"Although we don't have clarity on the type of cyberattack, the nature of this incident will likely have far-reaching effects," said Jess Parnell, CISO of the cybersecurity firm Centripetal. "The current moment stands as a paradox: More resources are allocated to prevent threats, yet incidents continue to escalate."

Foreign adversaries and cybercriminals have increasingly targeted software-as-a-service platforms with supply chain hacks to maximize the impact of financially motivated attacks and to sow as much chaos and disruption as possible across sectors, according to analysts.

In September 2023, hackers accessed data from Okta customers after using stolen credentials to breach a support case management system and then break into various networks, the identity management company confirmed in a blog post at the time. The Clop ransomware group carried out a supply chain attack in 2023 on Progress Software's popular MOVEit file transfer product that left nearly 77 million individuals' information exposed (see: Known MOVEit Attack Victim Count Reaches 2,618 Organizations).

Organizations that rely on interconnected systems should immediately take proactive steps to prevent similar breaches, according to Malachi Walker, security adviser for the internet intelligence firm DomainTools. The steps include "profiling vendors with security in mind before agreeing to trust them with their data."

"If the supply chain is a trusted extension of one's environment, it makes sense for threat modeling to encompass what happens if one of those organizations is compromised in addition to internal threat modeling efforts," Walker said. "This would also include regularly monitoring vendors with the monitors one has in place with their organization."

CISA said it is taking "an active role in collaborating with private industry partners" to respond to the breach and is focusing on affected critical infrastructure organizations.

Sisense CISO Sangram Dash reportedly contacted customers following the breach to say that the company recruited "industry-leading experts" to assist with an investigation and that the incident did not result "in an interruption to our business operations."

"Out of an abundance of caution, and while we continue to investigate, we urge you to promptly rotate any credentials that you use within your Sisense application," the message says.

Sisense did not respond to multiple requests for comment.

About the Author

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.
