Sisense, a business analytics software company whose clients make up a who’s-who of the business world, recently suffered a compromise that prompted U.S. cybersecurity authorities to issue an alert Thursday warning the firm’s customers of the issue.

Although the details of the attack are not yet clear, the breach may have exposed hundreds of Sisense’s customers to a supply chain attack and provided the attacker with a door into the company’s customer networks, a source familiar with the investigation told CyberScoop.

It’s also not yet clear how many companies are at risk, whether the attackers accessed Sisense customer networks, nor who carried out the attack. 

The Cybersecurity and Infrastructure Security Agency said in an advisory Thursday that it “is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense.”

The alert recommends that Sisense customers reset credentials “potentially exposed to, or used to access, Sisense services,” as well as report to CISA any suspicious activity involving credentials exposed to or used to access Sisense services.

An email alert sent to Sisense customers late Wednesday that was viewed by CyberScoop said the company was “aware of reports that certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet).”

The alert urged customers “to promptly rotate any credentials that you use within your Sisense application.”

Sisense did not respond to multiple requests for comment Wednesday.

Sisense is used by more than 2,000 global companies operating in the finance, health care, retail, manufacturing, media and entertainment, marketing and technology sectors, according to the company’s website. Its clients include Verizon, Air Canada and Nasdaq, among others, although there’s no indication yet that any of those companies’ networks were exposed in the attack.

Targeting software as a service platforms is a tactic abused by both state-backed operations and criminal, financially motivated attacks.

A 2023 operation linked to North Korea, for instance, targeted the 3CX video conferencing and online communications platform, which had been compromised after one of that company’s employees downloaded a compromised version of the financial trading software X_Trader. In another example from 2023, attackers leveraging the CL0P ransomware variant targeted vulnerabilities in the MOVEit file transfer software to eventually compromise thousands of companies and obtain data on potentially tens of millions of people.

In another instance, attackers linked to a nebulous cybercrime ecosystem known as Scattered Spider managed to use access and customer credentials for the authentication platform Okta to target multiple international companies, including MGM Resorts and Caesars Entertainment.

The post Sisense breach exposes customers to potential supply chain attack appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Details of a Phone Scam

February 21, 2024 0 Comments 0 tags

First-person account of someone who fell for a scam, that started as a fake Amazon service rep and ended with a fake CIA agent, and lost $50,000 cash. And this

UK Retailers Lost £11.3bn to Fraud in 2023

April 8, 2024 0 Comments 0 tags

Research from Ayden and the CEBR found that 35% of UK retailers fell victim to fraudulent activity, cyber-attacks or data leaks over the past 12 months

LockBit claims a comeback less than a week after major disruption

February 27, 2024 0 Comments 0 tags

A website associated with the LockBit ransomware operation appeared online Saturday less than a week after a law enforcement operation disrupted dozens of servers associated with the group, underscoring the