Sisense Breach

NHI Mgmt Group

Overview

Sisense, which is considered as a leading business intelligence (BI) and data analytics platform, had its share of attacks in 2024. In April 2024, the company reported a security breach that caused significant effects among industries. This breach came from unauthorized access to Sisense’s self-managed GitLab Instance, which led to the exfiltration of huge amounts of data, including access tokens, API keys, passwords, and certificates.

What Happened?

The breach was first identified by a security researcher Brian Krebs, who reported it to The U.S. Cybersecurity and Infrastructure Security Agency (CISA). The initial investigations suggested that this could be a Supply chain attack, where the attacker compromised Sisense’s GitLab Instance and accessed sensitive information, including customer credentials, secrets, and other authentication information. These assets, if misused, could potentially lead to the compromise of connected systems and applications.

Sisense Mistakes

  • The storage of hardcoded AWS credentials in GitLab repositories, offering an easy entry point for attackers.

  • The failure to encrypt sensitive customer data stored in the cloud, leaving it vulnerable to unauthorized access.

These mistakes have raised a lot of questions and doubts about the company’s security measures.

How Sisense Responded to the Incident

In response to the incident, Sisense and CISA issued recommendations to clients, urging immediate actions to prevent further exploitation.

Actions Taken by Sisense

  • All exposed credentials and API tokens were rotated and invalidated, Customers were advised to reset their tokens immediately.

  • Sisense implemented stronger access controls and encryption for sensitive credentials.

  • Sisense continues to work with security experts to assess and mitigate the breach.

Recommendations for Clients

  • Configure API tokens with a short lifespan to limit their utility in case of compromise.

  • Ensure tokens have minimal permissions necessary to perform their intended functions.

  • Review systems that are integrated with Sisense for potential abnormal activity.

  • Enable logging for API interactions to trace unauthorized access attempts.

What’s next?

This breach highlights the growing risks associated with Software as a Service (Saas) platforms. Organizations must ensure that security measures are up to date and adopt proactive security strategies.

Lessons Learned

  1. Implement UEBA Solutions: User and Entity Behaviour Analytics (UEBA) is a security solution that uses advanced analytics technologies, such as machine learning and deep learning to detect abnormal and malicious behaviour by users, machines and other entities based on the security baseline of the organization.

  2. Conduct Regular Secrets Rotation: Use an automated secret manager to rotate your secrets periodically to avoid any data breaches or leaks.

  3. Deploy SIEM Solutions: Use Security Information and Event Management Solutions (SIEM) to monitor and analyze systems activity in real-time.

  4. Implement Expiration Policies: To ensure tokens expire after a short period of time to reduce their utility if compromised.

  5. Secrets Detection Tools: Use automated secrets detection tools to detect and prevent hardcoded secrets in code repositories.

Conclusion

This incident highlights the growing risks in SaaS environments and digital supply chains. By adopting these lessons, Organizations can not only protect themselves against future threats but also enhance their overall security posture.

About Contact Glossary

Terms & Conditions Privacy policy

Non-Human Identity Mgmt Group

The Non-Human Identity Management Group is a community focussed solely on helping solve the huge industry challenge around helping organisations manage and secure Non-Human / Machine Identity Risks

Subscribe to our Newsletter

Subscribe

© 2024