Leaked MDM Credentials Exposes Commonly Laptops And Smartphones For Hacking

Mobile Device Management (MDM) is a device management solution for laptops, tablets, and smartphones used by organizations to enable them to control and protect their employees’ mobile devices.

Moreover, MDM has been developed with various tools that administrators can use to manage these gadgets better.

Main functions include installing applications from both official and unofficial sources, geolocating the device, accessing SMS logs as well as the configuration of profiles, and locking of the device among others.

These collective characteristics facilitate effective monitoring of mobile devices in organizational settings.

In an investigation, the Group-IB cybersecurity professionals discovered a serious breach in the security system of local and public MDM services in mid-January 2019.

As they identified that leaked MDM credentials expose the common laptops and smartphones for hacking. 

Technical Analysis

These researchers were able to establish at least 1,500 logins being stolen after searching through numerous compromised data on the dark web.

This attack was caused by a targeted Trojan sent by threat actors, not only that even this situation proves that robust security measures should also be embedded into MDM systems to withstand such sophisticated cyber-attacks.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access

⁤The stolen MDM login details were deeply analyzed and it was found that 27.5% of web-based MDM services interfaces were available on the internet outside a company’s network perimeter. ⁤

⁤All these services belonged to companies with an employee count of between 10 and 5000 from different countries, even those with more than $1 billion in revenue declared. ⁤

While the companies are from countries like India, France, the Netherlands, Indonesia, Italy, Brazil, Turkey, Germany, Spain, and Belgium.

Top countries of leaked logins and passwords (Source – Group-IB)

⁤This widespread external accessibility of MDM services poses significant security risks since they are meant to manage and secure mobile devices within an organization from a central location. ⁤

⁤By exposing these public internet-facing enterprise management platforms, implies an increase in attack surface which consequently heightens the possible dangers associated with unauthorized access, data breaches as well as other malicious activities.

The unauthorized access to MDM consoles, corporate data, and managed devices is possible in case the MDM credentials are hacked.

This will occur when malware is planted, remote locking or wiping of devices happens as well as remote controls.

Distribution by TLDs (Source – Group-IB)

These types of breaches can lead to major reputational damage, legal issues, financial distress, poor productivity levels, and customer dissatisfaction.

Organizational mobile devices are required to be managed and secured by MDM systems, however, some recent findings have exposed vulnerabilities in web-based interfaces and open MDM services consequently necessitating the need for strong security measures.

Loss of data, regulatory nonconformity, and operational disruptions are possible risks resulting from compromised MDM credentials.

Recommendations

Here below we have mentioned all the recommendations:-

  • Re-enroll all devices with new MDM credentials if hacked or Dark Web access is found.
  • Revoke credentials immediately to stop unauthorized access.
  • Use threat intelligence tools for continuous Dark Web monitoring.
  • Implement MFA for MDM system access.
  • Regularly train employees on credential management and phishing awareness.

Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download

Aman Mishra

Recent Posts

Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online

Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from the Indonesian…

10 hours ago

IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system…

12 hours ago

Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server

The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache…

12 hours ago

USA Launched Cyber Attack on Chinese Technology Firms

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber espionage…

12 hours ago

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…

2 days ago

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

3 days ago