The Cybersecurity and Infrastructure Security Agency alerted Sisense customers to reset credentials and secrets that were potentially exposed in a recent breach of Sisense’s AI-based data analytics services.
Sisense, with offices in New York, London and Tel Aviv, develops analytics software for telecoms, airlines, and tech giants. According to its website, some its large customers include ZoomInfo, Nasdaq and Air Canada.
Security pros were concerned that the industry was now dealing with yet another major supply chain attack.
“This can be a devastating compromise, as the data harvested by the attackers can not only contain sensitive and proprietary data about the company, but also access to their customers key integrated data sources,” said Ken Westin, Field CISO at Panther Labs. “Attackers are getting smarter about targeting the supply chain whether it’s code or data, and there’s a larger ROI in gaining access to a tool or service used by many companies versus targeting individual organizations themselves.”
Data sources potentially integrated with Sisense include the following: Athena, Azure Synapse, Databricks, Google BigQuery, MySQL, Oracle, PostgreSQL, Redshift, SingleStor, Snowflake, and SQL Server.
“With a supply chain attack, the ultimate target is not the company that’s initially breached, but rather, the customers and business partners the company works with,” said Patrick Tiquet, vice president, security and architecture at Keeper Security. “By breaching a single service provider’s network, a threat actor can gain access to dozens–even hundreds or thousands–of other organizations, from large enterprises to government agencies.”
News of the Sisense incident first emerged on April 10 when noted cybersecurity journalist Brian Krebs posted a note sent by Sisense Chief Information Security Officer Sangram Dash that urged customers to rotate any credentials that they use with the Sisense application.
As of Thursday afternoon, any more specifics on the breach were hard to come by. An attempt to reach Sisense for comment was unsuccessful.
John Allison, director of public sector at Checkmarx, said at this time there’s scant information regarding the breach, with CISA telling organizations to immediately rotate their credentials and any secrets shared with Sisense.
“The lack of any technical specifics being published by CISA and the lack of anything from Sisense is an indicator of how serious the incident likely is,” said Allison. “CISA is very careful not to release information that may help an attacker. Based on the alert, the current worst case is a compromise of all of a customer's credentials and secrets.”
Our brave new AI world
Sisense’s software lets organizations collect, analyze and visualize large amounts of corporate data by tapping directly into their existing technologies and cloud systems.
The company uses an AI algorithm that runs in the background and scans the entire dashboard base associated with a particular data model. Sisense has emerged as a competitor to Tableau, another popular data analytics platform.
As AI technology advances, companies that deliver the data that supports AI analytics may face increased targeting from cybercriminals looking to exploit the data, and also exploit AI algorithms to identify vulnerabilities in systems or increase sophistication in attacks like phishing, or social engineering campaigns, explained Lorri Janssen-Anessi, director, external cybersecurity assessments at BlueVoyant.
“To counter these threats, companies need to continually evolve their cybersecurity strategies, understanding that cyber threat attackers are also evolving their targeting tactics,” said Janssen-Anessi.
