Mimecast E-Mail Security Service Hacked

An email-security breach has been reported in which sophisticated threat actors have gained access to an email certificate from the Mimecast^® e-mail security company -- specifically certificates for Mimecast Sync and Recover, Continuity Monitor, and IEP products. This Mimecast certificate  provides verification and authentication between a company’s emails and Microsoft^® 365^® Exchange Web Services. The certificate plays a role in securing email backups, contacts, calendars, and attachments, and in providing protection against malicious links.

Bad actors in possession of this certificate can potentially take over the connection by which email passes between the company, Mimecast protection, and Microsoft 365. They would likely be able to access company email and other data, and might infiltrate company networks.

Mimecast has issued a statement indicating that it was informed of this breach by Microsoft and believes that it affects approximately 10% of Mimecast users, who they believe were specifically targeted. Mimecast is reaching out to affected customers.

Mimecast strongly recommends that affected users immediately delete their existing connection with Microsoft 365 and establish a new certificate-based connection with the new certificate they have made available. They indicate that this should resolve the issue, and that they will provide further updates as needed.

ACA Additional Guidance

The discovered breach of Mimecast comes in the wake of the recent SolarWinds attack, in which top tiers of government and industry were affected by a supply chain attack that enabled access through a third-party software service update. Experts believe that these attacks may be related. These breaches highlight the continued need for vigilance in the face of cybersecurity attacks, originating from individual actors and on the nation-state level.

ACA Aponix recommends taking the following actions regarding the discovered Mimecast breach:

• Immediately follow the recommendations provided by Mimecast in its statement, by deleting existing Microsoft 365 connections and establishing a new certificate-based connection. While Mimecast does not specify this action for all Mimecast users, they do indicate that doing so will not impact mail flow or security. As such, it is recommended that all users take this precaution.
• Because the recommendations may require IT and cybersecurity expertise, reach out to trusted third-party providers for assistance, if needed.
• Assess your organization's Microsoft 365 configuration, to ensure that maximum protection is afforded against this and other potential vulnerabilities.
• Monitor logs and related security resources for unusual activity, reviewing at least two weeks back.
• Assure that data backup and related resiliency plans are up-to-date and functional.
• Review and update existing incident response plans to prepare a response in the event of a breach.
• Strongly encourage third-party vendors to follow directions and information related to this breach.
• Follow further Mimecast guidance as it becomes available.

How We Help

ACA Aponix offers the following solutions that can help your firm in light of the discovered vulnerability, software patching programming, Office 365 security configuration, and with data security in general.

• Microsoft® Office 365® security assessment
• Threat intelligence
• Cyber incident response planning
• Cybersecurity and technology risk assessments
• Vendor management and due diligence
• Penetration testing and vulnerability assessments
• Policies, procedures and governance
• Phishing testing and cyber awareness

If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.