State-backed hackers and criminal gangs are now actively using a vulnerability in mobile device management (MDM) software to successfully gain access to networks across government, healthcare and other industries.
MDM systems allow system administrators to manage an organisation’s mobile devices from a central server, making them a valuable target for criminals or spies to break into.
In June 2020, MobileIron released security updates to address several vulnerabilities in its products. Among them was CVE-2020-15505, a critical-rated remote code execution vulnerability that affects MobileIron Core and Connector products and could allow a remote attacker to execute arbitrary code on a system.
The UK's National Cyber Security Centre (NCSC) is aware that nation-state groups and cyber criminals “are now actively attempting to exploit this vulnerability to compromise the networks of UK organisations”.
While the UK report doesn’t provide any information as to the identity of these groups, this vulnerability has already become popular with Chinese state-backed hackers.
While MobileIron made security updates available for all impacted versions on 15 June 2020, not every organisation has yet updated their software.
“In some cases, when the latest updates are not installed, they have successfully compromised systems. The healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected,” NCSC said.
A proof-of-concept version of the exploit became available in September 2020, and since then both hostile state actors and cyber criminals have attempted to exploit this vulnerability in the UK and elsewhere.
These attackers typically scan victims’ networks to identify vulnerabilities, including CVE-2020-15505, to be used during targeting, NCSC said. It noted that sophisticated hackers are using this vulnerability in combination with the Netlogon/Zerologon vulnerability CVE-2020-1472 in a single intrusion attempt.
NCSC notes that it’s also important for organisations using affected versions to ensure they are following other best-practice cybersecurity advice, such as scanning their own networks and undertaking continual audits. This will help identify suspicious activity in the event that this vulnerability has already been exploited.
“In the case of this MobileIron vulnerability, the most important aspect is to install the latest updates as soon as practicable,” NCSC said.