Hackers steal Mimecast certificate used to encrypt customers’ M365 traffic
source link: https://arstechnica.com/information-technology/2021/01/mimecast-says-hackers-stole-a-certificate-and-used-it-to-target-its-customers/
STOLEN KEY —
Compromise by "sophisticated threat actor" prompts company to issue new certificate.
Dan Goodin - 1/13/2021, 6:10 AM
Email management provider Mimecast said that hackers have compromised a digital certificate it issued and used it to target select customers who use it to encrypt data they sent and received through the company’s cloud-based service.
In a post published on Tuesday, the company said that the certificate was used by about 10 percent of its customer base, which—according to the company—numbers about 36,100. The “sophisticated threat actor” then likely used the certificate to target “a low single digit number” of customers using the certificate to encrypt Microsoft 365 data. Mimecast said it learned of the compromise from Microsoft.
Certificate compromises allow hackers to read and modify encrypted data as it travels over the Internet. For that to happen, a hacker must first gain the ability to monitor the connection going into and out of a target’s network. Typically, certificate compromises require access to highly fortified storage devices that store private encryption keys. That access usually requires deep-level hacking or insider access.
The Mimecast post didn’t describe what type of certificate was compromised, and a company spokesman declined to elaborate. Another Mimecast post, however, discusses how customers can use a certificate provided by Mimecast to connect their Microsoft 365 servers to the company’s service. Mimecast provides seven different certificates based on the geographic region of the customer.
Delete! Delete!
Mimecast is directing customers who use the compromised certificate to immediately delete their existing Microsoft 365 connection with the company and re-establish a new connection using a replacement certificate. The move won’t affect inbound or outbound mail flow or security scanning, Tuesday’s post said.
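The delete-and-re-establish step above is, on the Microsoft 365 side, a matter of replacing the Exchange Online connectors that pin the Mimecast certificate. The script below is an added example and is not Mimecast's or Microsoft's own code; it first audits which inbound and outbound connectors still reference the old certificate identity, then (only when the dry-run flag is switched off) creates replacement connectors bound to the new certificate before removing the old ones, so that mail flow is never left without a connector. It assumes the ExchangeOnlineManagement module, an Exchange administrator account, and standard connector properties (`TlsSenderCertificateName` on inbound connectors, `TlsDomain` on outbound connectors). The certificate names and smart hosts are placeholders: the real old and replacement values come from Mimecast's notice, not from this page.

```powershell
# Added example (not Mimecast's or Microsoft's own code). Requires the
# ExchangeOnlineManagement module and Exchange administrator rights.
$OldCertName = 'old-cert.example.invalid'   # PLACEHOLDER: the certificate identity being retired
$NewCertName = 'new-cert.example.invalid'   # PLACEHOLDER: the replacement certificate identity
$DryRun      = $true                        # audit only; set $false to apply the connector swap

Connect-ExchangeOnline

# Audit: which connectors still trust or pin the retired certificate?
$inbound  = @(Get-InboundConnector  | Where-Object { $_.TlsSenderCertificateName -eq $OldCertName })
$outbound = @(Get-OutboundConnector | Where-Object { $_.TlsDomain -eq $OldCertName })

foreach ($c in $inbound)  { Write-Warning "Inbound connector '$($c.Name)' still accepts mail presented with $OldCertName" }
foreach ($c in $outbound) { Write-Warning "Outbound connector '$($c.Name)' still pins outbound TLS to $OldCertName" }

if ($inbound.Count -eq 0 -and $outbound.Count -eq 0) {
    Write-Host 'No connectors reference the retired certificate.'
    Disconnect-ExchangeOnline -Confirm:$false
    return
}

# Remediation: create the replacement first, remove the old one second, so there is
# no window with no connector. -WhatIf:$DryRun makes the cmdlets describe instead of act.
foreach ($c in $inbound) {
    New-InboundConnector -Name "$($c.Name) (replacement)" -ConnectorType Partner `
        -SenderDomains '*' -RequireTls $true -RestrictDomainsToCertificate $true `
        -TlsSenderCertificateName $NewCertName -Enabled $true -WhatIf:$DryRun
    Remove-InboundConnector -Identity $c.Identity -WhatIf:$DryRun
}

foreach ($c in $outbound) {
    # SmartHosts are copied from the old connector; they are the Mimecast relay hosts
    # for the customer's region and are not known to this example.
    New-OutboundConnector -Name "$($c.Name) (replacement)" -ConnectorType Partner `
        -RecipientDomains '*' -SmartHosts $c.SmartHosts -UseMXRecord $false `
        -TlsSettings DomainValidation -TlsDomain $NewCertName -Enabled $true -WhatIf:$DryRun
    Remove-OutboundConnector -Identity $c.Identity -WhatIf:$DryRun
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it once with `$DryRun = $true` to confirm exactly which connectors are affected (the `-WhatIf` output lists every create and remove that would happen), then flip the flag. Keeping `-RestrictDomainsToCertificate $true` on the inbound side is what makes the certificate identity matter at all: without it, mail from any sender domain is accepted regardless of which certificate the sending host presents, which is the condition a stolen certificate is most useful for exploiting.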
The disclosure comes a month after the discovery of a major supply chain attack that infected roughly 18,000 customers of Austin, Texas-based SolarWinds with a backdoor that gave access to their networks. In some cases—including one involving the US Department of Justice—the hackers used the backdoor to take control of victims’ Office 365 systems and read email they stored. Microsoft, itself a victim in the hack, has played a key role in investigating it. The type of backdoor pushed to SolarWinds customers would also prove valuable in compromising a certificate.
It’s way too early to say that the Mimecast event is connected to the SolarWinds hack campaign, but there’s no denying that some of the circumstances match. What’s more, Reuters reported that three unnamed cybersecurity investigators said they suspect the Mimecast certificate compromise was carried out by the same hackers behind the SolarWinds campaign.