Two Important Cybersecurity Alerts from CISA

Author

ACA Aponix

Publish Date

Type

Cyber Alert

Topics
  • Cybersecurity

On April 11th, the Cybersecurity and Infrastructure Security Agency (CISA) issued two advisories that require impacted firms to take immediate action to limit the effects of two cybersecurity incidents.

The Sisense password breach

CISA issued a warning about compromised credentials of the business analytics platform Sisense. Sisense is a software-as-a-service platform with products designed to allow companies to monitor multiple third-party services in a single dashboard.

Sisense Chief Information Security Officer, Sangram Dash, shared on April 10th that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet).” In its advisory, CISA indicated that the compromise was discovered by independent security researchers, and the organization is currently collaborating with private industry partners to respond to the incident. While the details of the Sisense breach are still emerging, CISA’s warning has generated concerns of potential supply-chain attacks as the exposed data may have provided attackers with a door into the company’s customer networks.

Recommended steps

Sisense and CISA have recommended that Sisense's clients take several actions to limit the impact of the incident, including:

  • Change/reset all Sisense-related passwords
  • Log all users out of Sisense programs
  • Rotate certificates for SSO SAML identity providers
  • Rotate web access tokens
  • Rotate/replace the “Secret” in base configuration security settings

CISA’s warning also included a request for information. CISA asks companies to provide information about any suspicious activity involving credentials potentially exposed to, or used to access, Sisense services.

Microsoft email and Russian threat actors

CISA has issued Emergency Directive 24-02 in response to a recent cyberattack by a Russian state-sponsored cyber actor known as Midnight Blizzard. The group successfully broke into Microsoft’s corporate email accounts and systems and was able to access email correspondence from Federal Civilian Executive Branch (FCEB) agencies and Microsoft.

While the threat of this attack mostly pertains to government agencies, CISA is concerned that other organizations may also have been impacted by the exfiltration of Microsoft corporate accounts and encourages organizations to contact their Microsoft account team for guidance.

Recommended steps

CISA strongly encourages all companies with a Microsoft corporate account to apply stringent security measures to minimize the impact of any Microsoft cyberattack, including:

  • Implementation of strong passwords
  • Multifactor authentication (MFA)
  • Prohibition of sharing unprotected sensitive information via unsecure channels

How we help

ACA Aponix® can help your firm build your cybersecurity program and strengthen your line of defense against cyberattacks. Our services include:

Reach out to your ACA consultant, or contact us to find out how ACA can help secure your firm against cyber threats and comply with regulatory expectations.