
The cloud-based email management service Mimecast has announced that a certificate it issued to authenticate its products to Microsoft 365 Exchange Web Services has been compromised by a threat actor. This appears to be the work of the same threat actors responsible for the recent SolarWinds supply-chain attack, which used third-party vendors as a vector to reach targets.

The mechanics of the certificate compromise mean that hackers could control the connection that manages inbound and outbound mail traffic flows. This traffic could be intercepted, and bad actors could go as far as infiltrating the Microsoft 365 web services to exfiltrate data. Attackers could also disable Mimecast protection entirely, making malicious email attacks more effective.

Mimecast estimates about 10% of their customers use this connection, and those who were targeted have already been contacted to remediate the issue. As a precautionary measure, Mimecast is asking customers who use the certificate-based connection to delete the existing connection within their Microsoft 365 tenant and re-establish a new connection using the newest certificate that has been released by Mimecast. This will not impact mail flow or security in any way.

As always, the SOCBOX team is here to serve your security needs. If your organization has questions about how to confirm it is using the most recent certificate made available to Mimecast clients, feel free to reach out and we will work to ensure your organization's security is up to date.

Sources:

https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/

https://www.mimecast.com/blog/important-update-from-mimecast/