Quote:A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services has been “compromised by a sophisticated threat actor,” the company has announced.
Mimecast provides email security services that customers can apply to their Microsoft 365 accounts by establishing a connection to Mimecast’s servers. The certificate in question is used to verify and authenticate those connections made to Mimecast’s Sync and Recover (backups for mailbox folder structure, calendar content and contacts from Exchange On-Premises or Microsoft 365 mailboxes), Continuity Monitor (looks for disruptions in email traffic) and Internal Email Protect (IEP) (inspects internally generated emails for malicious links, attachments or for sensitive content).
A compromise means that cyberattackers could take over the connection, though which inbound and outbound mail flows, researchers said. It would be possible to intercept that traffic, or possibly to infiltrate customers’ Microsoft 365 Exchange Web Services and steal information.
“The certificates that were compromised were used by Mimecast email security products,” Terence Jackson, CISO at Thycotic, told Threatpost. “These products would access customers Microsoft 365 exchange servers in order for them to provide security services (backup, spam and phishing protection). Since these certificates were legit, an adversary would have been able to connect without raising suspicions to eavesdrop and exfiltrate email communications.”
There would be additional steps necessary for the attacker to compromise sensitive information, according to Chris Clements, vice president of Solutions Architecture at Cerberus Sentinel.
“They don’t appear to have identified the exact nature and use case for the certificate compromised but two possibilities are likely,” he told Threatpost. “First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users’ connect to (user -> Mimecast), it would allow an attacker that was able to man-in-the middle the user to server connection to easily decrypt the encrypted data stream and access potentially sensitive information.”
Read more: https://threatpost.com/mimecast-certific...ck/162965/
![[-]](https://www.geeks.fyi/images/collapse.png)
