Mimecast revealed that a certificate it provided to certain customers was compromised by hackers.
The issue was uncovered by Microsoft and was possible because of a sophisticated attack.
An update from Mimecast explains:
"Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor."
How widespread was the Mimecast certificate compromise?
Attacks like these often reveal the same thing: many organizations could be compromised, but only a few key networks actually are. This happened in the CCleaner attack, in which millions of accounts were compromised to attack just a few. And we saw the same in the SolarWinds attack, as well.
In this case, Mimecast says roughly 10 percent of its customers use the compromised connection. However, the company reports that the number of customers targeted in this attack is in the single digits.
Here is what the company is saying to customers regarding the incident:
"As a precaution, we are asking the subset of Mimecast customers using this certificate-based connection to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate we've made available. Taking this action does not impact inbound or outbound mail flow or associated security scanning.
The security of our customers is always our top priority. We have engaged a third-party forensics expert to assist in our investigation, and we will work closely with Microsoft and law enforcement as appropriate."
What is the significance of a compromised Mimecast certificate?
Terence Jackson, CISO at Thycotic, shared his thoughts on the significance of this type of attack:
"The certificates that were compromised were used by Mimecast email security products. These products would access customers' Microsoft 365 exchange servers in order for them to provide security services (backup, spam, and phishing protection). Since these certificates were legit, an adversary would have been able to connect without raising suspicions to eavesdrop and exfiltrate email communications."
Read the Important Update from Mimecast for more on this attack.