Hackers Attack Email Security Vendor Mimecast
by Raymund Taylan, Senior Security Advisor
13 January 2021
The certificate used by Mimecast’s Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) products to authenticate to Microsoft 365 Exchange Web Services has been compromised by another sophisticated threat actor.
A month ago, SolarWinds’ Orion Platform – a widely used IT monitoring and infrastructure management software – was hit by a supply-chain attack. Today, Mimecast, an email security vendor, announced that “a sophisticated threat actor” has compromised the Mimecast-issued certificate used to guard connections between their products and Microsoft 365 Exchange Web Services.
According to the Mimecast Important Update page, around 10% of its customers are impacted and have been asked to replace the certificates.
It has not been confirmed whether the Mimecast cyber attack is related to the SolarWinds hacking campaign. According to a Reuters report, three cyber security investigators, who spoke on condition of anonymity to discuss the details of an ongoing probe, said they suspect the hackers who compromised Mimecast were the same group that broke into U.S. software maker SolarWinds and a host of sensitive U.S. government agencies.
It appears that security vendors are now top targets for hackers looking to steal sensitive information. Again, this only shows that no organisation is 100% bulletproof against breaches.
Prioritisation and risk management need to drive cyber security. Organisations must conduct a thorough and regular cyber risk assessment to identify (a) where the greatest risks exist and (b) the data that requires the most protection. Once risks are identified, effective decisions can be made on how to increase visibility and control over your digital assets and IT security investments to ensure they’re constantly protected from cyber threats in the wild.
However, having constant protection requires continuous monitoring. Monitoring security controls without the right knowledge and expertise in correlating valid security alerts may lead to a serious data breach.
Let’s use this as a reminder that security is not something to set and forget. Total security needs a holistic approach and continuous assessment.