The Mimecast certificate compromise reported earlier in January is part of the sprawling SolarWinds supply-chain attack, the security firm has confirmed. Mimecast joins other cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys in being targeted in the attack.

A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services had been “compromised by a sophisticated threat actor,” the email-protection company announced in mid-January. That caused speculation that the breach was related to SolarWinds, which the firm confirmed in an update this week.

“Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor,” it announced. “It is clear that this incident is part of a highly sophisticated large-scale attack and is focused on specific types of information and organizations.”

The SolarWinds espionage attack, which has affected several U.S. government agencies and many others, began with a poisoned software update that delivered the Sunburst backdoor to around 18,000 organizations last spring. After that broad-brush attack, the threat actors (believed to have links to Russia) selected specific targets to further infiltrate, which they did over the course of several months. The compromises were first discovered in December.

Exfiltrated Mimecast Customer Information

Mimecast provides email-security services that customers can apply to their Microsoft 365 accounts by establishing a connection to Mimecast’s servers. The certificate in question was used to verify and authenticate those connections made to Mimecast’s Sync and Recover (backups for mailbox folder structure, calendar content and contacts from Exchange On-Premises or Microsoft 365 mailboxes), Continuity Monitor (looks for disruptions in email traffic) and Internal Email Protect (IEP) (inspects internally generated emails for malicious links, attachments or for sensitive content).

A compromise means that cyberattackers could take over the connection, through which inbound and outbound mail flows, researchers said. It would be possible to intercept that traffic, or possibly to infiltrate customers’ Microsoft 365 Exchange Web Services and steal information.

In this case, it appears that credentials were lifted. “Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom,” the company said in its update. “These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes.”

It added, “Although we are not aware that any of the encrypted credentials have been decrypted or misused, we are advising customers hosted in the United States and United Kingdom to take precautionary steps to reset their credentials.”

Threatpost reached out for further information, but did not immediately receive a response.

The hack was brought to Mimecast’s attention by Microsoft (itself a SolarWinds victim), which has disabled the certificate’s use for Microsoft 365. Mimecast has also issued a new certificate and is urging users to re-establish their connections with the fresh authentication. It said in the update that “the vast majority of these customers have taken this action.”

Mimecast said that about 10 percent of its customers used the affected connections. It notes on its website that it has around 36,000 customers, so 3,600 could be potentially compromised. The company went on to say that out of those, “there are indications that a low single digit number of our customers’ Microsoft 365 tenants were targeted. We have already contacted these customers to remediate the issue.”

Malwarebytes, CrowdStrike Targeted via Email

Meanwhile, Malwarebytes last week confirmed that it too is a victim of the SolarWinds hackers – except that it wasn’t targeted through the SolarWinds platform.