On 11 April 2024, CISA issued an cybersecurity advisory disclosing a compromise of customer data from Sisense. The previous day, cybersecurity journalist Brian Krebs had published an email sent to Sisense customers by the company’s CISO. The specific details of the compromise have not been made public at this time. Furthermore, Arctic Wolf has not observed any malicious activities conducted by threat actors using compromised credentials from Sisense.
Sisense is a business intelligence firm which produces software with features for analysis and visualisation of datasets for decision-making. The company integrates with various platforms such as CRM applications, analytics platforms, databases, APIs, and numerous other applications.
While the extent of this compromise is not fully known, Arctic Wolf strongly recommends that organisations using Sisense rotate credentials and secrets for applications using their services, in line with the guidance provided by CISA. CISA emphasises that they are actively collaborating private industry partners to respond to this incident, as there is a connection to impacted critical infrastructure sector organisations.
Recommendations
Recommendation: Reset Credentials and Secrets
CISA urges Sisense customers to reset any credentials and secrets (e.g., API Keys) that may have been exposed to or utilised for accessing Sisense services.
References
