Threat actors looking to maximise the amount of money they can make and chaos they can cause have once again chosen the supply chain as their target of attack. On Thursday, April 11, the Cybersecurity & Infrastructure Agency (CISA) warned customers of Sisense, a company that provides data analytics services to thousands of international companies, that they should reset their credentials for Sisense services and look out for suspicious activity involving their services.
While the source and severity of the alleged attack is unclear right now, the incident appears to be the latest in a concerning trend of attacks that leverage supply chains to gain access into the systems of much larger organisations.
As they’re currently carried out by malicious actors, supply chain attacks take advantage of the exposure that service providers have into their clients’ online systems, whether it be for managing data analytics like Sisense, security, or even Internet– –of –Things (IoT) technologies.
The common thread between all supply chain attacks is that one third-party vendor’s lapse in security or unpatched vulnerability can enable an attacker to lodge themselves into the architecture of hundreds or even thousands of organisations, creating an opportunity for catastrophe on an industry-wide or even global scale. While Sisense isn’t the first multi–national organisation to be hit by a supply chain attack and won’t be the last, it does serve millions of customers, along with hundreds of tenant organisations integrating with it. That amounts to potentially millions of credentials that will need to be changed.
How A Supply Chain Attack Occurs
There’s several ways that savvy attackers can launch a supply chain attack. They’re commonly paired with social engineering tactics like phishing, where attackers attempt to steal credentials with spoofed emails, links or messages. When organisations reuse credentials rather than develop strong, unique passwords, it makes it even easier for attackers to infiltrate their systems.
The Arctic Wolf 2024 Threat Report found that nearly half of non-business email compromise (BEC) attacks are driven by credential reuse. It’s also possible that a victim could misconfigure a cloud-based storage system by leaving it open to the public. Opportunistic hackers can access sensitive data by searching for these, and subsequently target a victim’s customers with that data.
This incident should serve as a wake-up call for businesses that their security posture is only as strong as their weakest third-party vendor with access to their environment. Supply chain attacks are increasing in frequency not only because they tend to be lucrative for attackers, but because the world is growing more interconnected online, and attack surfaces expand every time organisation A gains access to organisation B’s data repositories.
The most resilient organisations recognise these inherent risks and ensure that a baseline of cybersecurity standards are met with each new vendor relationship; multi-factor authentication (MFA), regular security trainings, and the implementation of zero trust principles. Annual or biannual compliance checks against these security principles are the simplest steps an organisation can take to guard themselves against supply chain risks.
For more details on the Sisense data check out the Security Bulletin from Arctic Wolf Labs.
