Attacks on the vendors of managed services providers like Protek Support continue to increase in both severity and frequency. This week’s target was unfortunately the spam filtering service Mimecast, which the majority of Protek Support clients utilize.
As always, Protek takes these notifications very seriously and immediately looked at our client’s Mimecast accounts to verify that none were vulnerable or had been attacked. We are happy to report that our clients accounts have not been compromised in any way due to this attack.
UPDATED Jan 26th – According to Mimecast “A Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor”
The company launched an internal investigation, supported by leading third-party forensics experts. The investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor.
This attack shows how important knowing your “supply chain” is. The tools that support the tools you use, are part of your supply chain and an attack on one can have far reaching affects down the line.