The Mimecast Incident Report stated that the US Data Centers and disruption of millions of emails were caused by a DDoS (Distributed Denial of Service) attack on September 21 from “10:46 am EST – 5:32pm EST.” The September 25, 2015 Incident Report summarized the incident as:
Customers using our US secure email gateway service experienced downtime related to the delivery and receipt of external email.
But the impact on US businesses was substantial and clearly proves the vulnerability of Mimecast and that bad people demonstrated how they could control Mimecast’s email customers. So my prediction from my September 22 blog “Cloud Mail Outages Caused by Cyberattack?” was pretty much on point…however it was not that hard to figure out!
Mimecast made these promises about future prevention of other attacks:
Mimecast continues to make significant investments in security infrastructure and programs. Mimecast is committed to the continuous improvement to our security architecture and the independent verification of the controls in place. Mimecast will continue to engage key internal and external experts to provide consultancy to stay ahead of the moving threat landscape.
We have applied counter measures to protect against this type of attack in the future.
Only time will tell if Mimecast can avoid future DDoS attacks.