New Relic's Response to Recent Cyber Incident: What Happened and How to Protect Your Data
Incident Brief
New Relic, a well-established software analytics company, has confirmed a significant cybersecurity incident. The company came forward with the news of the incident, ensuring transparency with its clientele and stakeholders. The incident involved unauthorized access to its internal environment, a serious breach that has raised significant concerns about potential data vulnerabilities.
New Relic Confirms a Cyber Incident
The company disclosed that the cyber incident stemmed from unauthorized access to its internal environment. This access did not result from any inherent system vulnerability on New Relic's part; rather, it was carried out with stolen credentials obtained through social engineering, that is, manipulative techniques designed to deceive employees into revealing sensitive information.
Attackers Gain Access to an Internal Environment Using Social Engineering and Stolen Credentials
Social engineering tactics are deceptive methods that exploit human psychology, often tricking individuals into breaking security procedures and revealing sensitive information. In this case, the attackers were able to steal employee credentials, which they used to penetrate New Relic's internal environment.
The Compromised Environment Hosts Customer Usage Information and Certain Logs
New Relic clarified that the compromised internal environment houses certain kinds of customer information and various logs. However, the company assured its customers that no telemetry data or application data was compromised in this cyber incident.
Although the attackers gained access to some customer accounts, New Relic assured its users that these account credentials were not acquired from the breach of their internal environment. Despite the seriousness of the incident, the software analytics company has taken essential security measures to prevent similar occurrences in the future.
Steps Taken by New Relic in Response to the Incident
The company has revoked access to those accounts identified as compromised and reinforced its defenses against credential theft. It has also enhanced its access controls as part of a broader risk mitigation strategy. To ensure maximum data safety, New Relic advises users to enable multi-factor authentication, avoid password reuse, and adopt good password hygiene practices. In addition, they have stressed the importance of regularly monitoring and auditing account activity to detect any unusual patterns or behaviors.
Impacted Customers Have Been Contacted by New Relic
To maintain transparency and trust with their customer base, New Relic has initiated contact with customers who, they believe, may have been affected by this incident. Their communications involved informing these customers about the cyber breach and suggesting steps to secure their data further.
The Compromised Environment Is Now Secure and Access Revoked for Breached Accounts
New Relic has taken significant steps toward strengthening and protecting its internal environment post-incident. The compromised area has been secured to avoid further access from unauthorized entities. Additional actions were undertaken, including revoking access to those accounts identified as compromised, thereby limiting any potential misuse of account information.
Discovery of No Lateral Movement from Compromised Environment
One of the most crucial findings of New Relic's extensive review of the incident has been the lack of lateral movement from the compromised environment. This means that the unauthorized access appears isolated to the compromised environment and did not extend or spread to other parts of the network. This is a crucial indicator that the potential damage and data compromised were limited, enabling a more targeted and effective response.
In conclusion, New Relic's comprehensive response has encompassed communication with its customers, an assessment of the breach, and subsequent implementation of preventative measures. Its actions underscore the company's commitment to maintaining its clients' trust.
Attackers' Activities
This section expands on the actions taken by the attackers during the incident. The attackers were able to gain access to certain New Relic customers' accounts using stolen credentials.
These credentials were obtained not directly from the compromised internal environment but from external sources. The data involved was confined to customer account details, and the company assures that no telemetry or application data was accessed or compromised during the breach.
Stolen Credentials Came from Recent Large-Scale Social Engineering and Credential Compromise Attacks
It has come to light that the stolen credentials the attackers used against New Relic originated in recent large-scale external social engineering and credential compromise attacks.
In summary, the attackers' activities involved exploiting obtained credentials to gain unauthorized access to customer accounts, which, once detected, triggered swift security responses from the company.
Recommendations and Preventative Measures
In response to the recent cyber incident, New Relic has provided customers with several security recommendations and preventative measures.
One of the key recommendations made by New Relic is the enabling of multi-factor authentication (MFA). MFA is a security method requiring more than one piece of evidence to authenticate a user, providing an additional layer beyond a simple password. By implementing MFA, unauthorized access to accounts can be significantly curtailed, even in the event of password compromise.
Customers are Encouraged to Avoid Password Reuse and Maintain Good Password Hygiene
New Relic encourages customers to use the best password management practices to secure their accounts. The company has specifically advised against password reuse across multiple accounts, a habit that can leave users vulnerable to credential-stuffing attacks. Customers can significantly fortify their account security by maintaining unique passwords for each account and regularly updating them. This practice, part of good password hygiene, can drastically reduce the risk of falling victim to hacker exploits and cyberattacks.
Regular Auditing of Changes in the New Relic Environment Suggested for Detecting Suspicious Activity
Apart from encouraging best practices in password management and advocating for MFA, New Relic has also recommended regular auditing of changes within the New Relic environment. Users can detect unusual changes or suspicious behavior by constantly monitoring and auditing account activity on the New Relic platform. Regularly reviewing account access logs can help identify abnormal login attempts or unusual patterns that may indicate a breach, enabling swift action to prevent further data compromise.
In conclusion, New Relic's recommendations and preventative measures demonstrate their recognition of the potential risks of cyberattacks and their commitment to protecting customer data. By implementing the suggested steps, customers can significantly decrease their potential exposure to cybersecurity threats and help create a safer digital environment.