New Relic’s cyber-something revealed as attack on staging systems, some users

December 3, 2023 at 11:36PM

New Relic disclosed a two-pronged cyber attack that compromised their staging systems using stolen credentials and affected a small number of customer accounts. They’ve rotated passwords, removed API keys, and updated security measures. Ongoing investigations with external experts aim to enhance their security posture.

Key Takeaways:

1. Incident Details: New Relic experienced a cyber security incident that involved a two-front attack. The company previously issued a warning but has now clarified that the attack occurred in mid-November.

2. Attack on Staging Systems: New Relic’s staging systems were compromised by an unauthorized party using stolen credentials and social engineering tactics on a New Relic employee. Although they breached the staging systems, there was no indication that the attacker moved laterally to customer accounts or New Relic’s production infrastructure.

3. Customer Account Compromise: Investigations also showed indicators of compromise in a small number of customer accounts. New Relic has responded by rotating passwords and removing API keys for accounts they believe might have been affected.

4. Source of Compromised Credentials: The attack on New Relic’s staging system wasn’t the source of the compromised customer credentials. Those credentials likely stemmed from large-scale social engineering and credential compromise attacks external to New Relic.

5. Communication with Affected Customers: New Relic will communicate with customers whose data was in the staging environment or whose accounts were potentially probed, to guide them on further actions.

6. Investigation and Security Measures: The investigation is ongoing with help from third-party infosec consultants and forensic firms. New Relic has already put in place additional technical controls, enhanced network access controls, and shut off the attack method used. They have also increased their security monitoring across the enterprise.

7. Security Hardening: New Relic leveraged leading security tools to further harden access controls and credential theft defenses as part of their response to the incident.

8. Future Updates: This advisory does not close the matter. New Relic is sharing its current findings because the investigation is still in progress, and it will continue working to fully understand the incident’s ramifications.

Potentially affected parties should follow New Relic's updates closely and be ready to take immediate action as instructed by New Relic. Further updates from the investigation may reveal additional details requiring more extensive response measures.
