Mimecast Says Hackers Compromised Digital CertificateEmail Security Company Says Fewer Than 10 Customers Targeted
Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft’s servers, putting organizations at risk of data loss.
See Also: Case Study: The Road to Zero Trust
The certificate, which is issued by Mimecast, encrypts data exchanged between the company’s Sync and Recover, Continuity Monitor and Internal Email Protect products and Microsoft 365 Exchange Web Services.
Mimecast, which is based in London, says that 10% of its customers, or about 3,900, use this type of connection between its products and Microsoft. In its last earnings call in November 2020, Mimecast reported it has 39,200 customers around the world.
The company believes that fewer than 10 of those 3,900 customers were targeted as a result of the certificate compromise. It did not identify those customers, although it says they have been contacted.
“As a precaution, we are asking the subset of Mimecast customers using this certificate-based connection to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate we’ve made available,” Mimecast says in a statement. “Taking this action does not impact inbound or outbound mail flow or associated security scanning.”
Few Details Released
Microsoft alerted Mimecast to the problem. Mimecast says it's working with Microsoft as well as law enforcement officials and has hired a third-party forensics expert.
Mimecast didn’t describe how it was compromised or if there were other effects. A spokesman offered no further comment.
“Based on Mimecast’s statements, the attacks were targeted at specific customers, but without more, we can only guess at what the attackers were after.”
— Saryu Nayyar, CEO, Gurucul
How hackers could leverage the compromised certificate is difficult to determine based on the limited information released by Mimecast, says Saryu Nayyar, CEO of the analytics security specialist Gurucul. But in the worst-case scenario, the hackers may be able to interfere with email, secure file backups, archives and more, Nayyar says.
Mimecast acts as a mail transfer agent for Microsoft’s Office365 email system. Mimecast's products sit in between Office365 and their client, performing security actions such as filtering spam and malware, before the content is passed on, Nayyar says.
“We simply don’t know based on what’s been reported how extensive the access was,” she says. “Based on Mimecast’s statements, the attacks were targeted at specific customers, but without more, we can only guess at what the attackers were after.”
Reuters reports that three cybersecurity investigators believe the Mimecast certificate compromise may be connected to the complex SolarWinds supply-chain hack, whose effects continue to rattle enterprises and government agencies (see: SolarWinds Describes Attackers' 'Malicious Code Injection').