Mimecast, an email security provider, has disclosed that a threat actor compromised certificates provided to Microsoft customers to authenticate Microsoft 365 IEP’s, Mimecast Sync and Recover, as well as its Continuity Monitor.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Saryu Nayyar
Saryu Nayyar , CEO
InfoSec Expert
January 13, 2021 11:53 am

<p>The attack against Mimecast and their secure connection to Microsoft\’s Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached Solarwinds and multiple government agencies. This shows the skill and tenacity State and State sponsored actors can bring to bear when they are pursuing their agenda.  Against this sort of opponent, civilian organizations will need to up their game if they don\’t want to become the next headline. Basic cybersecurity is not enough.  Organizations need to employ industry best practices, and then go farther with user education, programs to review and update their security, and deploying best in breed security solutions, including security analytics. The long term advantage is that defenses designed to resist a State level attack should be more than enough to thwart the more common cybercriminal.</p>

Last edited 1 year ago by Saryu Nayyar
1
0
Would love your thoughts, please comment.x
()
x