Monday, November 11, 2024
HomeCyber Security NewsLeaked MDM Credentials Exposes Commonly Laptops And Smartphones For Hacking

Leaked MDM Credentials Exposes Commonly Laptops And Smartphones For Hacking

Published on

Malware protection

Mobile Device Management (MDM) is a device management solution for laptops, tablets, and smartphones used by organizations to enable them to control and protect their employees’ mobile devices.

Moreover, MDM has been developed with various tools that administrators can use to manage these gadgets better.

Main functions include installing applications from both official and unofficial sources, geolocating the device, accessing SMS logs as well as the configuration of profiles, and locking of the device among others.

- Advertisement - SIEM as a Service

These collective characteristics facilitate effective monitoring of mobile devices in organizational settings.

In an investigation, the Group-IB cybersecurity professionals discovered a serious breach in the security system of local and public MDM services in mid-January 2019.

As they identified that leaked MDM credentials expose the common laptops and smartphones for hacking. 

Technical Analysis

These researchers were able to establish at least 1,500 logins being stolen after searching through numerous compromised data on the dark web.

This attack was caused by a targeted Trojan sent by threat actors, not only that even this situation proves that robust security measures should also be embedded into MDM systems to withstand such sophisticated cyber-attacks.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access

⁤The stolen MDM login details were deeply analyzed and it was found that 27.5% of web-based MDM services interfaces were available on the internet outside a company’s network perimeter. ⁤

⁤All these services belonged to companies with an employee count of between 10 and 5000 from different countries, even those with more than $1 billion in revenue declared. ⁤

While the companies are from countries like India, France, the Netherlands, Indonesia, Italy, Brazil, Turkey, Germany, Spain, and Belgium.

Top countries of leaked logins and passwords (Source – Group-IB)

⁤This widespread external accessibility of MDM services poses significant security risks since they are meant to manage and secure mobile devices within an organization from a central location. ⁤

⁤By exposing these public internet-facing enterprise management platforms, implies an increase in attack surface which consequently heightens the possible dangers associated with unauthorized access, data breaches as well as other malicious activities.

The unauthorized access to MDM consoles, corporate data, and managed devices is possible in case the MDM credentials are hacked.

This will occur when malware is planted, remote locking or wiping of devices happens as well as remote controls.

Distribution by TLDs (Source – Group-IB)

These types of breaches can lead to major reputational damage, legal issues, financial distress, poor productivity levels, and customer dissatisfaction.

Organizational mobile devices are required to be managed and secured by MDM systems, however, some recent findings have exposed vulnerabilities in web-based interfaces and open MDM services consequently necessitating the need for strong security measures.

Loss of data, regulatory nonconformity, and operational disruptions are possible risks resulting from compromised MDM credentials.

Recommendations

Here below we have mentioned all the recommendations:-

  • Re-enroll all devices with new MDM credentials if hacked or Dark Web access is found.
  • Revoke credentials immediately to stop unauthorized access.
  • Use threat intelligence tools for continuous Dark Web monitoring.
  • Implement MFA for MDM system access.
  • Regularly train employees on credential management and phishing awareness.

Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download

Latest articles

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...