A major cyberattack targeting Mobile Guardian, a UK mobile device management (MDM) company, caused widespread disruption to schools and businesses around the world, including North America, Europe, and Singapore. The incident led to data loss and remote wipe of iOS and ChromeOS devices for thousands of users.
Mobile Guardian acknowledged the global scale of the attack in a statement, saying it affected users in North America, Europe, and Asia Pacific.
“Mobile Guardian experienced a security incident involving unauthorized access to iOS and ChromeOS devices registered on the Mobile Guardian platform on August 4,” the statement said.
The company has temporarily suspended its services to contain the damage and “investigate the breach.”
In Singapore, the attack has had a devastating impact on the education sector. About 13,000 students from 26 high schools found their iPads and Chromebooks inoperable after being remotely wiped by attackers.
Singapore’s Ministry of Education (MOE) was warned late on August 4 that students using iPads or Chromebooks as personal learning devices could not access their applications and data. A quick investigation revealed a global cybersecurity incident affecting the Mobile Guardian platform, which serves customers around the world, including in Singapore.
“On the night of August 4, we were informed by the schools that some students could not access their applications and information stored on their devices,” the MOE statement said. “MOE immediately registered serious concerns with mobile device management company Mobile Guardian.”
As a precautionary measure, the MOE, which hired the services of an MDM vendor in 2020, announced the removal of the Mobile Guardian Device Management Application from all iPads and Chromebooks. Efforts are underway to return these devices to normal use, the department said in a statement.
“We understand that students are naturally concerned and worried about this incident. MOE is working with schools to support affected students, including deploying additional IT teams and providing additional learning resources,” added MOE.
Ironically, the MDM vendor’s vision statement reads, “That everything, in the hands of every child, is secure.”
“This raises serious concerns about the future of businesses and schools sourcing software solutions for SMEs and startups,” said Neil Shah, VP of research and partner at Counterpoint Research. “It is likely to encourage large business, government, academia and businesses to choose reliable and independent companies.”
The breach highlighted vulnerabilities in systems used for educational purposes, raising concerns about security measures in place to protect sensitive data and ensure uninterrupted learning.
Shah pointed out that events like this may make schools using “Apple devices may turn to solutions from Jamf, Mosyle, and similar providers.”
“This is the second breach of Mobile Guardian, which may tarnish their reputation and future prospects,” added Shah.
The incident follows a separate technical issue in July, where a Mobile Guardian “configuration error” led to connection problems for some readers. The MOE statement said the July incident, which resulted in some students across multiple schools experiencing “problems connecting to the Internet and/or receiving error messages, is due to human error in the configuration of Mobile Guardian.”
The MDM company clarified in a statement that the latest cyber attack is not related to previous technical problems.
Cybersecurity experts warn that these attacks highlight the growing vulnerability of critical infrastructure to sophisticated cyber threats.
“From a best practices perspective, Mobile Guardian requires strong security protocols, strong login policies, multi-factor authentication, encryption, various data loss prevention tools, SIEM systems, and more. They need to invest in a data breach or suspicious activity flagging system and conduct regular security vulnerability research and hackathons to make the entire solution robust,” added Shah.
A query seeking comment from Mobile Guardian and MOE, Singapore, has not been answered.
Source link