Emtec Insights

Mimecast--Another-Victim-of-the-SolarWinds-Breach_500x380Mimecast Certificates Compromised

In case you missed it, Mimecast, a Cloud Cybersecurity Services provider, announced that the same threat actors responsible for the SolarWinds breach had also compromised Mimecast-issued certificates. The compromised certificates provided access to encrypted account credentials that establish a connection from Mimecast tenants to on-premises and cloud services. The breach provided hackers with access to Azure Active Directory, Microsoft Exchange Web Services, LDAP, POP3 journaling and SMTP-authenticated delivery routes of Mimecast customers.

Mimecast Breach: Immediate Actions to Take

Mimecast has advised customers using the certificate-based connection to immediately delete the existing connection within their Microsoft 365 tenant and re-establish a new certificate-based connection using a new certificate which Mimecast has made available.

Microsoft has disabled the use of the former connection keys for all affected Mimecast customers, but out of an abundance of caution, it would be best to re-establish a new certificate-based connection. Based on Mimecast’s investigation, the threat actors accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States (US) and the United Kingdom (UK).

While they are not aware that any of the encrypted credentials have been decrypted or misused, they do advise customers hosted in the US or UK to reset their credentials as a precautionary measure.

To keep informed of additional updates from Mimecast- please visit their Mimecast community and blog.

Key Takeaway: The Importance of Security Certificates

It is fundamentally important to have proper protocols in place for the management of security certificates as they are critically important for proper computing and safe exchange of information over a secure connection.

Many industries have audit requirements baked in to ensure certificate authenticity including healthcare, banking, and others. Regardless if you are a government agency or commercial entity, equal focus should be placed on the proactive management of these certificates.

Certificate authorities (CA) are commonly overlooked in cyber security investments. Many organizations tend to rely on default security certificates due to lack of knowledge. Default security certificates are used by multiple entities and could be a target for spoofing or a 0-day exploit. Other common issues include expired certificates, wildcard certificates, certificates tagged to mismatched domains, etc.

Now is the time to audit your current certificates to ensure they are up to date. Ask these questions internally to ensure you are taking those proactive steps.

  • Do you have individuals responsible for the management of your security certificates?
  • Do your cyber security policies include documentation and processes for the proper management of your security certificates?
  • Are you tracking your security certificates to ensure they are renewed yearly?

Have exploit concerns?

If you have concerns you may have been breached or even exploited, the best course of action would be to conduct a quick penetration test and vulnerability scan for peace of mind.

Please reach out to our team if you don’t know where to get started, or if you don’t have the security expertise or bandwidth in-house to dedicate to this effort. We are here to help.

 

References

https://www.mimecast.com/blog/important-security-update/
https://www.mimecast.com/blog/important-update-from-mimecast/
https://www.crn.com/news/security/mimecast-breach-linked-to-solarwinds-hack-allowed-cloud-services-access

 

Written by Keason Drawdy

Senior Cyber Security Solutions Consultant

Keason Drawdy is a Senior Cyber Security Solutions Consultant with over 23 years’ experience in the Information Technology and Cyber Security sectors. A former black hat hacker and black hat reverse engineer, Mr. Drawdy has an extensive cyber security background with first-hand, significant knowledge in defeating secure networks and physical vectors and deep exposure to all aspects of cloud storage, security & encryption.

In his career as both a VP of IT at SMG Media as well as various cyber security roles with the Department of Energy and Environment (DOEE), Duck Creek Technologies, Olenick and CME Group, he has managed global teams of IT professionals throughout the United States, Israel, UK, and Asia. Notable achievements include the creation of four supercomputers that were capable of mining more than 500 Million US dollars’ worth of bitcoin as well as the design of high capacity, ultra-secure systems, networks for trading & hedge funds that are used today with high-frequency algorithmic trading platforms. Mr. Drawdy emphasizes the importance of CISO best practices & compliance in all client engagements. Certifications include: Information Systems Security Professional (CISSP) and Chief Information Security Officer (CISO).

If you would like to connect with Keason: keason.drawdy@emtecinc.com

Leave a comment

Managed Cyber Security Services (SECaaS) by Emtec

Popular Posts

More Emtec Insights

GET INSIGHTS IN YOUR INBOX