Mobile Device Management (MDM) is a device management solution for laptops, tablets, and smartphones used by organizations to enable them to control and protect their employees’ mobile devices.
Moreover, MDM has been developed with various tools that administrators can use to manage these gadgets better.
Main functions include installing applications from both official and unofficial sources, geolocating the device, accessing SMS logs as well as the configuration of profiles, and locking of the device among others.
These collective characteristics facilitate effective monitoring of mobile devices in organizational settings.
In an investigation, the Group-IB cybersecurity professionals discovered a serious breach in the security system of local and public MDM services in mid-January 2019.
As they identified that leaked MDM credentials expose the common laptops and smartphones for hacking.
Technical Analysis
These researchers were able to establish at least 1,500 logins being stolen after searching through numerous compromised data on the dark web.
This attack was caused by a targeted Trojan sent by threat actors, not only that even this situation proves that robust security measures should also be embedded into MDM systems to withstand such sophisticated cyber-attacks.
Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access
The stolen MDM login details were deeply analyzed and it was found that 27.5% of web-based MDM services interfaces were available on the internet outside a company’s network perimeter.
All these services belonged to companies with an employee count of between 10 and 5000 from different countries, even those with more than $1 billion in revenue declared.
While the companies are from countries like India, France, the Netherlands, Indonesia, Italy, Brazil, Turkey, Germany, Spain, and Belgium.
This widespread external accessibility of MDM services poses significant security risks since they are meant to manage and secure mobile devices within an organization from a central location.
By exposing these public internet-facing enterprise management platforms, implies an increase in attack surface which consequently heightens the possible dangers associated with unauthorized access, data breaches as well as other malicious activities.
The unauthorized access to MDM consoles, corporate data, and managed devices is possible in case the MDM credentials are hacked.
This will occur when malware is planted, remote locking or wiping of devices happens as well as remote controls.
These types of breaches can lead to major reputational damage, legal issues, financial distress, poor productivity levels, and customer dissatisfaction.
Organizational mobile devices are required to be managed and secured by MDM systems, however, some recent findings have exposed vulnerabilities in web-based interfaces and open MDM services consequently necessitating the need for strong security measures.
Loss of data, regulatory nonconformity, and operational disruptions are possible risks resulting from compromised MDM credentials.
Recommendations
Here below we have mentioned all the recommendations:-
- Re-enroll all devices with new MDM credentials if hacked or Dark Web access is found.
- Revoke credentials immediately to stop unauthorized access.
- Use threat intelligence tools for continuous Dark Web monitoring.
- Implement MFA for MDM system access.
- Regularly train employees on credential management and phishing awareness.
Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download