Mimecast, a London-based company that provides cloud-based email management services for Microsoft Office 365 and Microsoft Exchange and protects email platforms from phishing attacks, spam, malware, etc., informed its customers in a blog post on Tuesday that a threat actor has compromised a certificate that the company issues to some of its customers to let them connect their products to Microsoft 365 Exchange safely and securely. The breach was disclosed after Microsoft informed Mimecast about it. Mimecast mentioned that “The security of our customers is always our top priority. We have engaged a third-party forensics expert to assist in our investigation, and we will work closely with Microsoft and law enforcement as appropriate.”
Mimecast issues seven different types of digital certificates, categorized by location, which must be uploaded to M365 to establish a server type connection in Mimecast. However, the company has not made clear which type of certificate, or which certificate, has been breached. The organization explained that only 10 percent of its customers use such connections, and it believes that, even among those 10 percent, only a small, single-digit number of users were affected. The main function of the breached certificate is to validate and authenticate Mimecast products to M365 Exchange. These products include Internal Email Protect (IEP), Continuity Monitor, and Mimecast Sync and Recover.
If not resolved, the certificate breach can result in a man-in-the-middle attack: an attacker can use the certificate details to take control of the established connection, interfere with email traffic, and steal confidential information and credentials. To avoid such events, the organization has asked all its customers to delete the existing connection as soon as possible and establish new connections using the new certificates that the company has made available. Mimecast stated, “Taking this action does not impact inbound or outbound mail flow or associated security scanning.”
The investigation into the breach is ongoing, and the company has given assurances that it will work as closely as possible with law enforcement agencies and Microsoft. It has been hinted that the attackers who breached the certificate are the same group responsible for the SolarWinds supply chain attack.
Mimecast concludes by stating “Mimecast is providing the information in this communication as of this date and assumes no obligations to update the information included in this communication or revise any forward-looking statements, whether as a result of new information, future events, or otherwise.”